[CCE-WORKING-GROUP-LIST] CCEs for Mac OSX

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[CCE-WORKING-GROUP-LIST] CCEs for Mac OSX

Randal Taylor
I was wondering if there has been any work done to generate CCE IDs for
Mac OSX?  We have some draft OSX SCAP content we plan on contributing to
the community.  Seemed like a good idea to include CCEs for each rule
but I cant' seem to find any.

Randy

Randal S. Taylor
ThreatGuard, Inc.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [CCE-WORKING-GROUP-LIST] CCEs for Mac OSX

Adam Montville
There are many platforms without public CCEs.  I am curious to understand
work that has been done beyond just Mac OSX.  For example:

Cisco IOS
Cisco PIX
MS IIS6/7
IBM DB2
Oracle 11g (and others)
SuSE
AIX 6.x
RHEL 6
. . .


Adam


On 2/1/12 6:47 AM, "Randal Taylor" <[hidden email]> wrote:

>I was wondering if there has been any work done to generate CCE IDs for
>Mac OSX?  We have some draft OSX SCAP content we plan on contributing to
>the community.  Seemed like a good idea to include CCEs for each rule
>but I cant' seem to find any.
>
>Randy
>
>Randal S. Taylor
>ThreatGuard, Inc.
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [CCE-WORKING-GROUP-LIST] CCEs for Mac OSX

Sain, Joe
Adam -

This is a great topic, and it's very timely!  As you know, our policy is
that each CCE be tied to a publicly available security guide or
authoritative source, and your wish list matches up well with the manifest
of published DISA STIGs and CIS Benchmarks. We have had discussions with
both DISA and CIS regarding the expansion of CCE's Platform coverage through
the generation of CCE content based on their publications. We expect to
begin this collaboration in the very near future.

We have also been working closely this week with Microsoft in the
development of CCEs for Exchange 2007 and Exchange 2010. As these are new
Platform Groups, they will be sent to the CCE Working Group for review and
approval prior to their publication.

It would also be good to hear from the CCE Working Group audit vendor
community. Have any of you created some form of automated content to audit
systems against the baselines specified in the DISA STIGs or CIS Benchmarks?
We would encourage you and all audit vendors to coordinate with us to see if
your content repositories could be leveraged to generate CCE candidates for
issues listed in the DISA STIGs and CIS Benchmarks. If you or anybody else
would like to collaborate on such a project, please let us know.

As we've discussed at past Developer Days and Working Group meetings, the
future of CCE rests entirely on volunteer organizations stepping forward to
submit well formed CCE candidates. We are looking forward to partnering with
all interested parties who have created structured content derived from
these baselines.

Regards,

Joe Sain
CCE Task Lead
The MITRE Corporation



-----Original Message-----
From: Adam Montville [mailto:[hidden email]]
Sent: Friday, February 03, 2012 2:37 PM
To: cce-working-group-list
Subject: Re: [CCE-WORKING-GROUP-LIST] CCEs for Mac OSX

There are many platforms without public CCEs.  I am curious to understand
work that has been done beyond just Mac OSX.  For example:

Cisco IOS
Cisco PIX
MS IIS6/7
IBM DB2
Oracle 11g (and others)
SuSE
AIX 6.x
RHEL 6
. . .


Adam


On 2/1/12 6:47 AM, "Randal Taylor" <[hidden email]> wrote:

>I was wondering if there has been any work done to generate CCE IDs for
>Mac OSX?  We have some draft OSX SCAP content we plan on contributing to
>the community.  Seemed like a good idea to include CCEs for each rule
>but I cant' seem to find any.
>
>Randy
>
>Randal S. Taylor
>ThreatGuard, Inc.
>

smime.p7s (4K) Download Attachment
Loading...