In my view, this would fall under CVEs -- SSG is used to verify configuration compliance (CCEs).
-- Paul C. Arnold IT Systems Engineer Cole Engineering Services, Inc. ________________________________________ From: [email protected] [[email protected]] on behalf of Ron Colvin [[email protected]] Sent: Friday, August 14, 2015 01:47 PM To: SCAP Security Guide Subject: OpenSSH patch A patch for the SSH bug that bypassed the MaxAuthTries limit was just patched. Has MaxAuthTries been considered as a control in the security guide? http://www.openssh.com/txt/release-7.0 https://threatpost.com/openssh-7-0-fixes-four-flaws/114265 -- ******************************************************** Ron Colvin CISSP, CAP, CEH Certified Security Analyst NASA - Goddard Space Flight Center <[email protected]> Direct phone 301-286-2451 NASA Jabber ([email protected]) AIM rcolvin13 NASA LCS ([email protected]) ******************************************************** -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
