> -----Original Message----- > From: Trevor Vaughan [mailto:[email protected]] > Sent: Friday, April 08, 2016 9:51 AM
> I should be able to *easily* start from a base, replace the parts that I need > to, trace back to the original information, and set my own parameters. > > 1) There should be a base CNSS 1253 policy that is the common XCCDF > ground > > 2) Each branch should have their own derived CNSS 1253 policies that > override the requisite XCCDF and OVAL content as necessary > > 3) Nothing should be repeated that is not overridden > > 4) Overrides should be understood in the derived content > > 5) This should be easy...it's not (actually, it appears to be impossible > without > tying yourself in knots) > This is my understanding of what tailoring files are intended to do, do they fall short in your use case? Matt Micene DLT Solutions Solution Architect RHCA# 100-002-435 Direct 703-773-1195 > On Thu, Mar 24, 2016 at 12:48 PM, Shawn Wells <[email protected] > <mailto:[email protected]> > wrote: > > > > > On 3/23/16 6:25 AM, Jan Lieskovsky wrote: > > > Hello Daniel, > > thank you for contacting us. > > ----- Original Message ----- > > > >From: "Dan > Warburton"<[email protected] > <mailto:[email protected]> > > >To: "SCAP Security Guide"<scap-security- > [email protected] <mailto:scap-security- > [email protected]> > > >Sent: Tuesday, March 22, 2016 8:36:27 PM > >Subject: cnssi No 1253 profile needed > > > > > > > > > > > > > >http://static.open-scap.org/ssg-guides/ssg-rhel6- > guide-nist-cl-il-al.html > > > >I cannot locate this guide. I have redhat scap- > security-guide 0.10.21-3.el6 > >which yum says is the latest. > > > This (CNSSI No. 1253) profile has been introduced starting > from upstream > scap-security-guide-0.1.27 release: > [1]https://github.com/OpenSCAP/scap-security- > guide/releases/tag/v0.1.27 > > thus as such is not included in scap-security-guide-0.1.21- > 3.el6 version yet > you mention above. > > > > > > > > >I think the profile for National Security Systems > Instruction (CNSSI) No. > >1253, "Security Categorization and Control Selection > for National Security > >Systems"" > > > > > > > > > > > >How can I get this? rpm preferred > > > AFAIK Red Hat Enterprise Linux 6.8 Beta includes scap- > security-guide RPM based on > upstream 0.1.28 version already: > > http://www.redhat.com/en/about/blog/red-hat- > enterprise-linux-68-beta-now-available > > therefore you can obtain the updated scap-security-guide > RPM from that release for now, > till the moment Red Hat Enterprise Linux 6 Update 8 is > generally available. > > > Hope this helps. > > Let us know if we can be of any further guidance. > > > > Direct link to the beta RPM: > https://access.redhat.com/downloads/content/rhel--- > 6/x86_64/160/scap-security-guide/0.1.28-2.el6/noarch/f21541eb/package > > In regards to a CNSSI profile, we're trying to sort out what that'd > actually mean. NSA's CNSSI 12-53 is different than NRO, which is different > than DISA... who's CNSSI 12-53 overlay to we follow? What would be most > useful/applicable? > > -- > SCAP Security Guide mailing list > [email protected] <mailto:scap-security- > [email protected]> > https://lists.fedorahosted.org/admin/lists/scap-security- > [email protected] > https://github.com/OpenSCAP/scap-security-guide/ > > > > > > -- > > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > > -- This account not approved for unencrypted proprietary information -- -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
