CONFIRMED: Remediation Standards telecon, Dec 1 (this Wednesday)
Thanks to the many positive responses, we will have a remediation
standards teleconference as proposed, this Wednesday, December 1st,
from 1:00-4:00 PM EST (UTC -0500). Apologies to the few who responded
that they had conflicts. Minutes of the call will be made available.
Meeting ID: 147852
+1 781-271-6338 (Bedford, MA region) or
+1 703-983-6338 (Washington DC region, Nationally or Internationally)
Here's some more detail on the agenda items mentioned in the original
CRE & ERI:
- Platform associations. Some CREs may address concerns on one
target platform (e.g., Windows 7) but be implemented on another
(e.g., Windows Server 2008 R2). Which platform(s) should be
associated with such CREs?
- Reboot/restart information. Some CREs require a system reboot to
be effective. For some, that reboot can be delayed for a time
without causing problems; others may leave the machine unstable
without an immediate restart. Some may inherently cause a system
reboot, or do so by default. Others may need a particular service
or process to be stopped or restarted. Some CREs may need
single-user or safe mode to enact. What should we track in
- ID integrity. "Fat-fingering" a CVE or CCE ID can cause problems.
Mistakes in CRE IDs could be much more serious. Should CRE IDs
include a check digit or some other means to try to catch ID usage
- Introduction to Remediation Policy and its place in the workflow.
- Specifying CRE parameters in Remediation Policy: requirements and
- Asset types or indicators. What criteria should be allowed to
describe the types of assets CREs apply to? CPE, CVE, CCE,
organizational unit, system function, network location, others?
- CRE preference. Should policy indicate required CREs? Preferred,
allowed, disallowed? Preference order? Do exception handling use
cases (documentation required if standard policy is not followed)
imply requirements for CRE preference in Remediation Policy?
--Woj
Matthew N. Wojcik, [hidden email]
781 271-8056 office, 617 872-6247 mobile
CCE Team, Remediation Standardization