Thank you, that does help, but a few followup questions. In the SCAP content on the https://fedorahosted.org/scap-security-guide/ there are several profiles in the ssg-rhel6-xccdf.xml: server, stig-rhel6-server, usgcb-rhel6-server
I'm trying to understand if these are profiles that have been submitted to NIST or DISA and are waiting for approval? Are these the accepted baselines for a RH Server at this point? Should I use the usgcb or stig profile? Just trying to wrap my head around this since we want to start using one of these. In your statement below "The DISA STIG content is based on the SCAP Security Guide (SSG) content." Does that mean that the Content on the https://fedorahosted.org/scap-security-guide/ was used by DISA to create the Standalone XCCDF - RedHat 6 STIG, Version 1, Release 2"? Obviously new to this and trying to understand. Thanks On Wed, Dec 11, 2013, at 02:29 PM, Steinke, Leland J Sr CTR DISA FSO (US) wrote: > The DISA STIG content is based on the SCAP Security Guide (SSG) content. > DISA's STIG-creation processes and additional requirements have caused > some divergence in content between the STIG and the SSG. Getting the > actual content (as opposed to the way the content is formatted) in synch > is an ongoing effort. The difference in the XCCDF between the STIG and > the SSG is an artifact of the way SCAP has been implemented at DISA. > > I hope this answers some of your questions. > > > Thanks, > Leland > -- > Leland Steinke, Security+ > DISA FSO Technical Support Contractor > tapestry technologies, Inc > 717-267-5797 (DSN 570) > [email protected] (gov't) > [email protected] (com'l) > > > > -----Original Message----- > > From: [email protected] [mailto:scap- > > [email protected]] On Behalf Of > > [email protected] > > Sent: Tuesday, December 10, 2013 7:42 PM > > To: [email protected] > > Subject: Understanding Content > > > > We are considering using one of the RH6 profiles from the SCAP content > > on this site as a benchmark for our systems. I've looked over the site > > and still have a few questions. > > > > Is the content and profiles here based off the "Standalone XCCDF - Red > > Hat 6 STIG, Version 1, Release 2"? Or is this a completely unrelated > > effort? The "Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2" > > has 9 profiles ranging from MAC 1 to MAC 3, but they all have the same > > checks enabled, so not much help to me. How are the Profiles found in > > the SCAP content on this site determined? They seem to be good > > realistic > > profiles, but I'm just curious how the Profile configuration was > > determined. I am just trying to understand the relationship between > > the > > DISA Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2 and the > > content found on the https://fedorahosted.org/scap-security-guide/ > > site. > > _______________________________________________ > > scap-security-guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > Email had 1 attachment: > + smime.p7s > 7k (application/x-pkcs7-signature) _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
