Yes -- it is highly desirable to have a fully transparent view of the relationship between SSG and the STIG, as FSO is a major issuer of security baselines.
Things have been very successful in that regard so far, and description of how they could get better (to address where/why any semantic differences would creep in) is most welcome. On 02/19/2014 12:50 PM, Steinke, Leland J Sr CTR DISA FSO (US) wrote: >> >> Forking on GitHub is a bit different. Using Greg Elin's GitMachines >> project as an example, forking SSG on GitHub would allow us to: >> - Track that GitMachines forked SSG; >> - Establish a parent/child relationship with downstream projects; >> - Remind the GitMachine developers that SSG is the upstream for SCAP >> content, hopefully driving them to submit pathes/bugs >> > > This process could help facilitate synchronization between the SSG and the > STIG. > > If Steve Grubb has reservations, however, that should give pause. > > > Regards, > -- > Leland Steinke, Security+ > DISA FSO Technical Support Contractor > tapestry technologies, Inc > 717-267-5797 (DSN 570) > [email protected] (gov't) > [email protected] (com'l) > > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
