Re: Port Request: OpenSCAP
Just came across that about 4 mos ago. :) Seemed like the next generation of tighter security for pfSense.

So, HardenedBSD is a fork of FreeBSD that is pushing in more defense (passive/active) into all the FreeBSD derivatives? Very cool. Nicer to have something that only has 20 or so CVEs every year versus 200 or more. ;)

I just followed a large number of links and found G2 as well. Nice!

OpenSCAP, if it could at least give me some sense and peace of mind that I can run it, get a result on paper and show the 'certifiers' that we have complied, I'd be very happy.

Thank you for responding so quickly!

P

On Tuesday, March 26, 2019, 1:50:34 PM EDT, Shawn Webb wrote:

I'm not really a compliance guru, so I can't say whether HardenedBSD comes closer to . I have looked into Common Criteria/NIAP briefly for US Federal Government deployments in certain high-security enclaves. HardenedBSD does come closer with CC/NIAP, though there are still gaps to fill.

Have you looked at OPNsense? It's a fork of pfSense built on top of HardenedBSD.

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        latt...@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

On Tue, Mar 26, 2019 at 05:42:43PM +, Paul Pathiakis wrote:
> Sorry for the top-post.
> Shawn,
> It seems that NIST, FIPS 140-2, and things along those lines are quickly
> becoming a complete reality for all people dealing with the US Gov't no
> matter what the size company.
> So, encryption modules must be FIPS approved for compliance and NIST 800-171
> is the other compliance that is needed.
>
> I've been tasked with creating an entire, new infrastructure that
> meets/complies with those specs. So, I dug in a little bit and found SCAP
> which led to OpenSCAP. So, I get to put the whole thing behind pfSense
> firewalls and show that everything I'm running is compliant with both
> standards.
>
> Does HardenedBSD meet the requirements? :D (crosses fingers)
> Paul
>
> On Tuesday, March 26, 2019, 1:06:25 PM EDT, Shawn Webb wrote:
>
> On Tue, Mar 26, 2019 at 05:02:48PM +, Paul Pathiakis via freebsd-ports wrote:
> > https://www.open-scap.org/
> >
> > Hi all,
> >
> > It's the US NIST scanner for operating system compliance.
> >
> > I'd like to use FreeBSD and FreeNAS in various places but it has to pass
> > compliance.
>
> I just asked my coworkers about it. They created OpenSCAP. :)
>
> What compliance requirements are you looking to pass?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> Tor-ified Signal:    +1 443-546-8752
> Tor+XMPP+OTR:        latt...@is.a.hacker.sx
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Port Request: OpenSCAP
I'm not really a compliance guru, so I can't say whether HardenedBSD comes closer to . I have looked into Common Criteria/NIAP briefly for US Federal Government deployments in certain high-security enclaves. HardenedBSD does come closer with CC/NIAP, though there are still gaps to fill.

Have you looked at OPNsense? It's a fork of pfSense built on top of HardenedBSD.

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        latt...@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

On Tue, Mar 26, 2019 at 05:42:43PM +, Paul Pathiakis wrote:
> Sorry for the top-post.
> Shawn,
> It seems that NIST, FIPS 140-2, and things along those lines are quickly
> becoming a complete reality for all people dealing with the US Gov't no
> matter what the size company.
> So, encryption modules must be FIPS approved for compliance and NIST 800-171
> is the other compliance that is needed.
>
> I've been tasked with creating an entire, new infrastructure that
> meets/complies with those specs. So, I dug in a little bit and found SCAP
> which led to OpenSCAP. So, I get to put the whole thing behind pfSense
> firewalls and show that everything I'm running is compliant with both
> standards.
>
> Does HardenedBSD meet the requirements? :D (crosses fingers)
> Paul
>
> On Tuesday, March 26, 2019, 1:06:25 PM EDT, Shawn Webb wrote:
>
> On Tue, Mar 26, 2019 at 05:02:48PM +, Paul Pathiakis via freebsd-ports wrote:
> > https://www.open-scap.org/
> >
> > Hi all,
> >
> > It's the US NIST scanner for operating system compliance.
> >
> > I'd like to use FreeBSD and FreeNAS in various places but it has to pass
> > compliance.
>
> I just asked my coworkers about it. They created OpenSCAP. :)
>
> What compliance requirements are you looking to pass?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> Tor-ified Signal:    +1 443-546-8752
> Tor+XMPP+OTR:        latt...@is.a.hacker.sx
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
Re: Port Request: OpenSCAP
Sorry for the top-post.

Shawn,

It seems that NIST, FIPS 140-2, and things along those lines are quickly becoming a complete reality for all people dealing with the US Gov't no matter what the size company.

So, encryption modules must be FIPS approved for compliance and NIST 800-171 is the other compliance that is needed.

I've been tasked with creating an entire, new infrastructure that meets/complies with those specs. So, I dug in a little bit and found SCAP which led to OpenSCAP. So, I get to put the whole thing behind pfSense firewalls and show that everything I'm running is compliant with both standards.

Does HardenedBSD meet the requirements? :D (crosses fingers)

Paul

On Tuesday, March 26, 2019, 1:06:25 PM EDT, Shawn Webb wrote:

On Tue, Mar 26, 2019 at 05:02:48PM +, Paul Pathiakis via freebsd-ports wrote:
> https://www.open-scap.org/
>
> Hi all,
>
> It's the US NIST scanner for operating system compliance.
>
> I'd like to use FreeBSD and FreeNAS in various places but it has to pass
> compliance.

I just asked my coworkers about it. They created OpenSCAP. :)

What compliance requirements are you looking to pass?

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        latt...@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
Re: Port Request: OpenSCAP
On Tue, Mar 26, 2019 at 05:02:48PM +, Paul Pathiakis via freebsd-ports wrote:
> https://www.open-scap.org/
>
> Hi all,
>
> It's the US NIST scanner for operating system compliance.
>
> I'd like to use FreeBSD and FreeNAS in various places but it has to pass
> compliance.

I just asked my coworkers about it. They created OpenSCAP. :)

What compliance requirements are you looking to pass?

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        latt...@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE