IIRC the ENS standard uses ISO 27001 which CentOS doesn't meet. In addition if 
ISO/IEC 15408 is applied against ENS, CentOS does not meet this in any way.

I'm not an expert on this, but AFAIK ISO 27001 is all about managing security, 
and I don't know of any requirements regarding using a "certified" or "vendor" OS. 
As a matter of fact, I know several ISO 27001 companies that use CentOS, Debian or 
other "community" Linux distros.

And regarding ENS, there is a guide on hardening CentOS 7 for ENS, so I guess 
it's a "supported" OS.

If you have any document stating that you cannot meet ISO 27001 or ENS using 
CentOS (or any other community Linux), I'm very interested in reading it.

Salu2!
--
Miguel Armas
CanaryTek Consultoria y Sistemas SL
http://www.canarytek.com/

________________________________
From: Gabe Alford <redhatri...@gmail.com>
Sent: Tuesday, December 10, 2019 15:51
To: SCAP Security Guide <scap-security-guide@lists.fedorahosted.org>
Subject: Re: Define profile for centos7 derivative

IIRC the ENS standard uses ISO 27001 which CentOS doesn't meet. In addition if 
ISO/IEC 15408 is applied against ENS, CentOS does not meet this in any way.

On Tue, Dec 10, 2019 at 3:33 AM Kuko Armas 
<k...@canarytek.com<mailto:k...@canarytek.com>> wrote:

Hello, I'm starting to take a look at the SSG content repo on GitHub, and I 
tried to create a new profile for rhel7 for the Spanish ENS (National Security 
Scheme). But when I build the content, I get the new profile only on the rhel7 
main product and not on the derivatives (centos7 and sl7).

I also noticed that in the derivatives data source there are only two profiles: 
standard and pci-dss, none of the additional profiles are included. I guess it 
may be because in some profiles you really need rhel7 and not a community 
release, because they are not certified, but as I understand in my case (ENS) 
centos is included in the hardening guides.

What do I need to do if I want to include it in the derivatives?

Salu2!
--
Miguel Armas
CanaryTek Consultoria y Sistemas SL
http://www.canarytek.com/

_______________________________________________
scap-security-guide mailing list -- 
scap-security-guide@lists.fedorahosted.org<mailto:scap-security-guide@lists.fedorahosted.org>
To unsubscribe send an email to 
scap-security-guide-le...@lists.fedorahosted.org<mailto:scap-security-guide-le...@lists.fedorahosted.org>
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org