On Thu, May 22, 2014 at 9:00 PM, Spencer Shimko <[email protected]> wrote: > On Thu, May 22, 2014 at 5:06 PM, Shawn Wells <[email protected]> wrote: >> >> On 5/22/14, 3:43 PM, Derek Warner wrote: >>> >>> Any chance anyone is working on getting SCAP to work on CENTOS? I would >>> love to use the scap security guide and secstate to validate CENTOS 6.5. >>> Right now its a manual process going line by line in the RHEL 5 STIG. I >>> would really love to find out if anyone has anything automated that works on >>> CENTOS. >> >> >> Given that CentOS isn't allowed on DoD networks, there is no STIG, no common >> criteria, no support, and doesn't meet any of the mandatory regulatory >> requirements, what's driving the need? > > I apologize as I replied elsewhere but should have read through the > entire thread first. > > Shawn, what leads you to believe CentOS isn't allowed on DoD networks? > The 8500.1 section 4.19 makes the contrary quite clear to me - CentOS > (et al) are acceptable component in a solution when it comes to > meeting a compelling operational requirement. Perhaps I'm > misinterpreting that document though.
Shawn, I think this is an important issue that needs to be addressed. What is leading you to the conclusion that CentOS is not allowed on DoD networks? If I'm mistaken please point out the reasons why. Similarly, if you're mistaken please let us know. Either way, that ensures that those providing guidance to others are providing accurate information on the subject. Thanks, --Spencer > > Thanks, > --Spencer _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
