jOVAL is currently soliciting for beta testers for automated STIG evaluation on Apple OSX. Those interested should contact jOVAL via http://joval.org/contact for more information. [NB: cross-posting to the scap-on-apple list] Regards, --David Solin On 2/10/2014 4:56 PM, Colvin, Ron (GSFC-700.0)[VALADOR INC] wrote:

For those on the list using CIS or looking for security guidance rather than compliance the Benchmark for 10.8 was released last week. We are hoping to get 10.9 out in a couple months, depending on how many changes there are from 10.8.

https://benchmarks.cisecurity.org/downloads/show-single/?file=osx108.100

Mobile

On Feb 10, 2014, at 5:40 PM, "John Oliver" <john.n.oliver.ctr@navy.mil <mailto:john.n.oliver.ctr@navy.mil>> wrote:

...

It looks like that project is languishing. This makes me sad.

I attended (virtually) the OSD Apple Engineering Coalition <https://dodaec.osd.mil/> kickoff last week, and, coincidentally, just found out about and volunteered for a working group to address enterprise management of Macs at SSC. One of the obvious issues we have with Macs on a government network is STIGs, the rapid release and die-off schedule for OSX, and the three years it takes DISA to release a STIG (BTW: I believe we can expect a STIG for Mountain Lion maybe in a month or so?)

Red Hat addressed this issue with their own open source SCAP Security Guide <https://fedorahosted.org/scap-security-guide/> project. That's the official upstream for STIGs for Red Hat now, and they can get it done in about a year. Something like this would be a tremendous resource for Apple and for those of us who use Apple products.

I hope we can light a fire and help SCAP-on-Apple to succeed!

Anyone who's interested in DoDAEC – I can forward on some info to anyone with a CAC who works on a DoD program. They created a trifold but it weighs in at 12MB so I won't be attaching it :-)

--

John Oliver | SAIC

Defense & Maritime Solutions

Surveillance and Reconnaissance Solutions Division

SPAWAR Systems Center Pacific | Code 53223

Sr. Systems Administrator

Bldg 600 | Room 428N

Office: (619) 553-9567

john.n.oliver@saic.com <mailto:john.n.oliver@saic.com>

joliver@spawar.navy.smil.mil <mailto:joliver@spawar.navy.smil.mil>

DCO: john.oliver8@chat.dco.dod.mil <mailto:john.oliver8@chat.dco.dod.mil>

_______________________________________________ Do not post admin requests to the list. They will be ignored. Fed-talk mailing list (Fed-talk@lists.apple.com <mailto:Fed-talk@lists.apple.com>) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/fed-talk/ron.colvin%40nasa.gov

This email sent to ron.colvin@nasa.gov <mailto:ron.colvin@nasa.gov>

_______________________________________________ Do not post admin requests to the list. They will be ignored. Fed-talk mailing list (Fed-talk@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/fed-talk/david%40joval.org

This email sent to david@joval.org

-- jOVAL.org: SCAP Simplified. Learn More <http://www.joval.org> | Features <http://www.joval.org/features/> | Download <http://www.joval.org/download/>