<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    jOVAL is currently soliciting for beta testers for automated STIG
    evaluation on Apple OSX.  Those interested should contact jOVAL via
    <a class="moz-txt-link-freetext" href="http://joval.org/contact">http://joval.org/contact</a> for more information.<br>
    <br>
    [NB: cross-posting to the scap-on-apple list]<br>
    <br>
    Regards,<br>
    --David Solin<br>
    <br>
    <div class="moz-cite-prefix">On 2/10/2014 4:56 PM, Colvin, Ron
      (GSFC-700.0)[VALADOR INC] wrote:<br>
    </div>
    <blockquote cite="mid:DD4E62E5-8F28-4662-AA72-481D8FAFBBD5@nasa.gov"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <div>For those on the list using CIS or looking for security
        guidance rather than compliance the Benchmark for 10.8 was
        released last week. We are hoping to get 10.9 out in a couple
        months, depending on how many changes there are from 10.8. </div>
      <div><br>
      </div>
      <div><a moz-do-not-send="true"
href="https://benchmarks.cisecurity.org/downloads/show-single/?file=osx108.100">https://benchmarks.cisecurity.org/downloads/show-single/?file=osx108.100</a><br>
        <br>
        Mobile</div>
      <div><br>
        On Feb 10, 2014, at 5:40 PM, "John Oliver" &lt;<a
          moz-do-not-send="true"
          href="mailto:john.n.oliver.ctr@navy.mil">john.n.oliver.ctr@navy.mil</a>&gt;
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <div>
            <div>
              <div>It looks like that project is languishing.  This
                makes me sad.</div>
              <div><br>
              </div>
              <div>I attended (virtually) the <a moz-do-not-send="true"
                  href="https://dodaec.osd.mil/">OSD Apple Engineering
                  Coalition</a> kickoff last week, and, coincidentally,
                just found out about and volunteered for a working group
                to address enterprise management of Macs at SSC.  One of
                the obvious issues we have with Macs on a government
                network is STIGs, the rapid release and die-off schedule
                for OSX, and the three years it takes DISA to release a
                STIG (BTW: I believe we can expect a STIG for Mountain
                Lion maybe in a month or so?)</div>
              <div><br>
              </div>
              <div>Red Hat addressed this issue with their own open
                source <a moz-do-not-send="true"
                  href="https://fedorahosted.org/scap-security-guide/">
                  SCAP Security Guide</a> project.  That's the official
                upstream for STIGs for Red Hat now, and they can get it
                done in about a year.  Something like this would be a
                tremendous resource for Apple and for those of us who
                use Apple products.</div>
              <div><br>
              </div>
              <div>I hope we can light a fire and help SCAP-on-Apple to
                succeed!</div>
              <div><br>
              </div>
              <div>Anyone who's interested in DoDAEC – I can forward on
                some info to anyone with a CAC who works on a DoD
                program.  They created a trifold but it weighs in at
                12MB so I won't be attaching it :-)</div>
              <div>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "><br>
                </p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; ">--<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> John Oliver | SAIC<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> Defense &amp; Maritime Solutions<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> Surveillance and Reconnaissance
                  Solutions Division<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> SPAWAR Systems Center Pacific |
                  Code 53223<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> Sr. Systems Administrator<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> Bldg 600 | Room 428N<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> Office: (619) 553-9567<o:p></o:p></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> <a moz-do-not-send="true"
                    href="mailto:john.n.oliver@saic.com" style="color:
                    blue; ">john.n.oliver@saic.com</a></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> <a moz-do-not-send="true"
                    href="mailto:joliver@spawar.navy.smil.mil">joliver@spawar.navy.smil.mil</a></p>
                <p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
                  font-size: 11pt; "> DCO: <a moz-do-not-send="true"
                    href="mailto:john.oliver8@chat.dco.dod.mil">
                    john.oliver8@chat.dco.dod.mil</a></p>
              </div>
            </div>
          </div>
        </div>
      </blockquote>
      <blockquote type="cite">
        <div><span>_______________________________________________</span><br>
          <span>Do not post admin requests to the list. They will be
            ignored.</span><br>
          <span>Fed-talk mailing list      (<a moz-do-not-send="true"
              href="mailto:Fed-talk@lists.apple.com">Fed-talk@lists.apple.com</a>)</span><br>
          <span>Help/Unsubscribe/Update your Subscription:</span><br>
          <span><a moz-do-not-send="true"
href="https://lists.apple.com/mailman/options/fed-talk/ron.colvin%40nasa.gov">https://lists.apple.com/mailman/options/fed-talk/ron.colvin%40nasa.gov</a></span><br>
          <span></span><br>
          <span>This email sent to <a moz-do-not-send="true"
              href="mailto:ron.colvin@nasa.gov">ron.colvin@nasa.gov</a></span></div>
      </blockquote>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap=""> _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (<a class="moz-txt-link-abbreviated" href="mailto:Fed-talk@lists.apple.com">Fed-talk@lists.apple.com</a>)
Help/Unsubscribe/Update your Subscription:
<a class="moz-txt-link-freetext" href="https://lists.apple.com/mailman/options/fed-talk/david%40joval.org">https://lists.apple.com/mailman/options/fed-talk/david%40joval.org</a>

This email sent to <a class="moz-txt-link-abbreviated" href="mailto:david@joval.org">david@joval.org</a></pre>
    </blockquote>
    <br>
    <br>
    <div class="moz-signature">-- <br>
      <p style="color: #333; font: normal 11px/16px 'Droid Sans', Arial,
        sans-serif;"> <span style="font-size:14px;line-height:18px;">jOVAL.org:
          SCAP Simplified.</span><br>
        <a style="color:#360;" href="http://www.joval.org">Learn More</a>
        | <a style="color:#360;" href="http://www.joval.org/features/">Features</a>
        | <a style="color:#360;" href="http://www.joval.org/download/">Download</a>
      </p>
    </div>
  </body>
</html>