Some javascript/style in this post has been disabled (
why?)
Jamie,
As you pointed out most of the compliance definitions for
configuration settings like the ones you referred to are available in the FDCC
SCAP content provided by NIST and in the Microsoft published security baselines.
For this reason there has not been a lot of community interest in adding them to
the oval repository. The compliance content that we do have is all outside the
scope of the FDCC and the Microsoft security baseline. My feeling for now is
that if you have configuration checks that are not covered by these other
source it would make sense to add them to the oval repository.
Regards,
Jon
============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
From: Jaime Blasco
[mailto:[hidden email]]
Sent: Tuesday, September 08, 2009 7:35 PM
To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
Subject: [OVAL-DISCUSSION-LIST] compliance checks
Hi,
I have some oval compliance definitions to check things like
screensaver lockout, tcp/ip
security parameters and so on.
I was wondering if these definitions
have sense or the compliance repository is deprecated and cover with XCCDF
stuff.
Regards
--
_______________________________
Jaime Blasco
www.ossim.com
www.alienvault.com
Email: [hidden email]
To unsubscribe, send an email message to [hidden email] with SIGNOFF
OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties,
write to [hidden email].
To unsubscribe, send an email message to
[hidden email] with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message. If you have difficulties, write to
[hidden email].
