On 11/12/13, 12:18 AM, Jeffrey Blank wrote:
Relatedly, there is a security controls catalog which is an ISO standard, so I'd be curious to know if there is any interest in linking the SSG content to it: http://en.wikipedia.org/wiki/ISO/IEC_27002
The U.S. gov certifies against requirements derived from NIST 800-53 (e.g. the STIG and CS2 baselines). Is IEC 27002 even relevant to the government?
To even view a copy of the standard one must purchase a copy: http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54533 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
