[Xccdf-dev] CVE and CCE baseline checklist deviations

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Xccdf-dev] CVE and CCE baseline checklist deviations

Day, Barton (CMS/OIS)

Hello and good afternoon, I am looking for reporting template for CVE and CCE baseline checklist deviations. I found the following link but it appears to be broken http://nvd.nist.gov/xccdf.cfm

 

Can you please assist?

 

 

 

Thanks,

 

Barton Day

Information Systems Security Officer (ISSO)

Division of Information Security Policy and Compliance (DISPC)

Enterprise Information Security Group (EISG)

Centers for Medicare & Medicaid Services

PH: (410) 786-0393

 


_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
JA
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xccdf-dev] CVE and CCE baseline checklist deviations

JA
Hi,

could that help?
http://mpreisle.fedorapeople.org/openscap/report-xccdf.html
(from http://www.open-scap.org/page/Documentation )

Regards

2014-07-03 18:24 GMT+02:00 Day, Barton (CMS/OIS) <[hidden email]>:

> Hello and good afternoon, I am looking for reporting template for CVE and
> CCE baseline checklist deviations. I found the following link but it appears
> to be broken http://nvd.nist.gov/xccdf.cfm
>
>
>
> Can you please assist?
>
>
>
>
>
>
>
> Thanks,
>
>
>
> Barton Day
>
> Information Systems Security Officer (ISSO)
>
> Division of Information Security Policy and Compliance (DISPC)
>
> Enterprise Information Security Group (EISG)
>
> Centers for Medicare & Medicaid Services
>
> PH: (410) 786-0393
>
>
>
>
> _______________________________________________
> XCCDF-dev mailing list
> [hidden email]
> To unsubscribe, send an email message to [hidden email].
_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Xccdf-dev] CVE and CCE baseline checklist deviations

Day, Barton (CMS/OIS)
Thanks for the response.

What template or tool do you use to report the CCE/CVE configuration settings you chose not to implement in your baseline system configuration? In the past when we were supporting only a few distinct products/checklists we used a simple excel spreadsheet template to track our baseline deviations. However this reporting mechanism may prove unsound when attempting to scale it to hundreds if not thousands of distinct systems. In an effort to simplify reporting across the agency we want  to use the same tool for all systems.

Are you aware of a template that is generic  enough to support reporting deviations for all target products/checklists in the NCP Repository? http://web.nvd.nist.gov/view/ncp/repository 

Thanks


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Jerome Athias
Sent: Thursday, July 03, 2014 2:28 PM
To: [hidden email]
Subject: Re: [Xccdf-dev] CVE and CCE baseline checklist deviations

Hi,

could that help?
http://mpreisle.fedorapeople.org/openscap/report-xccdf.html
(from http://www.open-scap.org/page/Documentation )

Regards

2014-07-03 18:24 GMT+02:00 Day, Barton (CMS/OIS) <[hidden email]>:

> Hello and good afternoon, I am looking for reporting template for CVE
> and CCE baseline checklist deviations. I found the following link but
> it appears to be broken http://nvd.nist.gov/xccdf.cfm
>
>
>
> Can you please assist?
>
>
>
>
>
>
>
> Thanks,
>
>
>
> Barton Day
>
> Information Systems Security Officer (ISSO)
>
> Division of Information Security Policy and Compliance (DISPC)
>
> Enterprise Information Security Group (EISG)
>
> Centers for Medicare & Medicaid Services
>
> PH: (410) 786-0393
>
>
>
>
> _______________________________________________
> XCCDF-dev mailing list
> [hidden email]
> To unsubscribe, send an email message to [hidden email].
_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].

_______________________________________________
XCCDF-dev mailing list
[hidden email]
To unsubscribe, send an email message to [hidden email].
Loading...