Wow, I get busy for a week and I miss a critical thread (to me anyway)! SIMP is absolutely complimentary to the SSG and to OpenSCAP. The SSG is part of the policy/guidance stack upon which SIMP is based. The goal of SIMP is to be able to ramp teams up to the 80% mark in terms of both functionality and compliance that pretty much all teams require.
Instead of being rigid, we are attempting to allow for maximum operational flexibility so that 1) you understand what you've got on your systems 2) you understand *exactly* what you've changed over time, and 3) you can make minute changes to systems based on operational requirements and repeat the whole deal consistently across different environments. We've had a bumpy ride transitioning to working with the standard Internet stack but we've gotten to the point where others should be able to successfully build the SIMP installation stack. The community is starting to get some traction and, as soon as we figure out what to do about SourceForge, things should be relatively smooth sailing moving forward. Thanks, Trevor On Sun, Jul 19, 2015 at 5:51 AM, Simon Lukasik <[email protected]> wrote: > On 07/17/2015 04:11 AM, Gallagher, Michael L wrote: > >> Hello, I would like to hear from the members on the list about how >> various projects in the SSG ecosystem relate to the recently disclosed >> SIMP from the NSA. Obviously, it leverages the scanning tools that are >> part of the RHEL distribution. Is it viewed as complimentary or >> redundant? >> >> https://github.com/NationalSecurityAgency/SIMP >> >> *Mike Gallagher, CISSP, CEH* >> >> > Purely from engineering stand-point, I pay tribute for what the SIMP team > achieved. They have been able to orchestrate a lot of emerging > technologies, technologies that change quickly, and put them together in a > meaningful way. I also applaud to their courage to open-source whole thing. > I wish it will pay off. > > Best, > > -- > Šimon Lukašík > Security Technologies, Red Hat, Inc. > > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 -- This account not approved for unencrypted proprietary information --
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
