[SCAP-On-Apple-Dev] [Fed-Talk] What happened with SCAP-on-Apple?

David Solin david at joval.org
Tue Jun 3 13:01:11 PDT 2014 

jOVAL is currently soliciting for beta testers for automated STIG 
evaluation on Apple OSX.  Those interested should contact jOVAL via 
http://joval.org/contact for more information.

[NB: cross-posting to the scap-on-apple list]

Regards,
--David Solin

On 2/10/2014 4:56 PM, Colvin, Ron (GSFC-700.0)[VALADOR INC] wrote:
> For those on the list using CIS or looking for security guidance 
> rather than compliance the Benchmark for 10.8 was released last week. 
> We are hoping to get 10.9 out in a couple months, depending on how 
> many changes there are from 10.8.
>
> https://benchmarks.cisecurity.org/downloads/show-single/?file=osx108.100
>
> Mobile
>
> On Feb 10, 2014, at 5:40 PM, "John Oliver" <john.n.oliver.ctr at navy.mil 
> <mailto:john.n.oliver.ctr at navy.mil>> wrote:
>
>> It looks like that project is languishing.  This makes me sad.
>>
>> I attended (virtually) the OSD Apple Engineering Coalition 
>> <https://dodaec.osd.mil/> kickoff last week, and, coincidentally, 
>> just found out about and volunteered for a working group to address 
>> enterprise management of Macs at SSC.  One of the obvious issues we 
>> have with Macs on a government network is STIGs, the rapid release 
>> and die-off schedule for OSX, and the three years it takes DISA to 
>> release a STIG (BTW: I believe we can expect a STIG for Mountain Lion 
>> maybe in a month or so?)
>>
>> Red Hat addressed this issue with their own open source SCAP Security 
>> Guide <https://fedorahosted.org/scap-security-guide/> project. 
>>  That's the official upstream for STIGs for Red Hat now, and they can 
>> get it done in about a year.  Something like this would be a 
>> tremendous resource for Apple and for those of us who use Apple products.
>>
>> I hope we can light a fire and help SCAP-on-Apple to succeed!
>>
>> Anyone who's interested in DoDAEC – I can forward on some info to 
>> anyone with a CAC who works on a DoD program.  They created a trifold 
>> but it weighs in at 12MB so I won't be attaching it :-)
>>
>>
>> --
>>
>>  John Oliver | SAIC
>>
>>  Defense & Maritime Solutions
>>
>>  Surveillance and Reconnaissance Solutions Division
>>
>>  SPAWAR Systems Center Pacific | Code 53223
>>
>>  Sr. Systems Administrator
>>
>>  Bldg 600 | Room 428N
>>
>>  Office: (619) 553-9567
>>
>> john.n.oliver at saic.com <mailto:john.n.oliver at saic.com>
>>
>> joliver at spawar.navy.smil.mil <mailto:joliver at spawar.navy.smil.mil>
>>
>>  DCO: john.oliver8 at chat.dco.dod.mil 
>> <mailto:john.oliver8 at chat.dco.dod.mil>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list      (Fed-talk at lists.apple.com 
>> <mailto:Fed-talk at lists.apple.com>)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/fed-talk/ron.colvin%40nasa.gov
>>
>> This email sent to ron.colvin at nasa.gov <mailto:ron.colvin at nasa.gov>
>
>
>   _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list      (Fed-talk at lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/fed-talk/david%40joval.org
>
> This email sent to david at joval.org


-- 

jOVAL.org: SCAP Simplified.
Learn More <http://www.joval.org> | Features 
<http://www.joval.org/features/> | Download 
<http://www.joval.org/download/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20140603/cbe797a7/attachment.html>

More information about the SCAP-On-Apple-Dev mailing list