jOVAL is currently soliciting for beta testers for automated STIG evaluation on Apple OSX.  Those interested should contact jOVAL via http://joval.org/contact for more information.

[NB: cross-posting to the scap-on-apple list]

Regards,
--David Solin

On 2/10/2014 4:56 PM, Colvin, Ron (GSFC-700.0)[VALADOR INC] wrote:
For those on the list using CIS or looking for security guidance rather than compliance the Benchmark for 10.8 was released last week. We are hoping to get 10.9 out in a couple months, depending on how many changes there are from 10.8. 

https://benchmarks.cisecurity.org/downloads/show-single/?file=osx108.100

Mobile

On Feb 10, 2014, at 5:40 PM, "John Oliver" <john.n.oliver.ctr@navy.mil> wrote:

It looks like that project is languishing.  This makes me sad.

I attended (virtually) the OSD Apple Engineering Coalition kickoff last week, and, coincidentally, just found out about and volunteered for a working group to address enterprise management of Macs at SSC.  One of the obvious issues we have with Macs on a government network is STIGs, the rapid release and die-off schedule for OSX, and the three years it takes DISA to release a STIG (BTW: I believe we can expect a STIG for Mountain Lion maybe in a month or so?)

Red Hat addressed this issue with their own open source SCAP Security Guide project.  That's the official upstream for STIGs for Red Hat now, and they can get it done in about a year.  Something like this would be a tremendous resource for Apple and for those of us who use Apple products.

I hope we can light a fire and help SCAP-on-Apple to succeed!

Anyone who's interested in DoDAEC – I can forward on some info to anyone with a CAC who works on a DoD program.  They created a trifold but it weighs in at 12MB so I won't be attaching it :-)


--

 John Oliver | SAIC

 Defense & Maritime Solutions

 Surveillance and Reconnaissance Solutions Division

 SPAWAR Systems Center Pacific | Code 53223

 Sr. Systems Administrator

 Bldg 600 | Room 428N

 Office: (619) 553-9567

 john.n.oliver@saic.com

 joliver@spawar.navy.smil.mil

 DCO: john.oliver8@chat.dco.dod.mil

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (Fed-talk@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/fed-talk/ron.colvin%40nasa.gov

This email sent to ron.colvin@nasa.gov


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (Fed-talk@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/fed-talk/david%40joval.org

This email sent to david@joval.org


--

jOVAL.org: SCAP Simplified.
Learn More | Features | Download