Hi all,
Here are minutes for the scap-security-guide meeting at DuClaw on 8/28.
Attendance was less than we'd hoped -- maybe we'll have more next time!
We want to prioritize the following activities:
1) Review/act/closeout existing Trac tickets. (Working on it this
afternoon!)
2) Comprehensive proofread of the XCCDF guide.
3) Get with DISA FSO to sync on how to link the project's STIG profile
in XCCDF, with whatever they can ingest. This is really important to
make sure that the OVAL testing corresponds to the right XCCDF.
4) Continued OVAL testing (in parallel), with results captured
graphically. Currently the table with testing info should be captured
in the file table-stig-rhel6-shorttitles.html. (Oddly this doesn't quite
seem to be working, and it should likely be captured in a different file
anyway.) Ambition is to use maven and jenkins for testing against
openscap, and even other tools such as SCC.
5) Decide how to handle any references to NIST 800-53 controls in some
intellectually coherent/consistent way, to the extent possible.
6) Issue the prose guide and automated checking content, following the
testing of the OVAL content. This may precede the DISA issuance of
automated content. This should occur prior to the Red Hat Government
Symposium on Nov 6.
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
