Interested in a RHEL6 STIG and SCAP workshop?

With the recent DISA publication of the draft STIG, the timing seems right to host a STIG workshop. NSA IAD and Red Hat will be hosting a public STIG and SCAP workshop on Tuesday 26-MAR-2013. Additionally, DISA FSO will be in attendance to hear feedback from the community. You can register here:

In the March 26th workshop we will:

  • Share knowledge on the installation of SCAP Security Guide (SSG). How to run a scan, how to customize settings, how to get a report that you can show your ISSE/ISSM, and hw to generate a certification test plan based on your customized rules.
  • Go a bit deeper, and understand how the code works. Answering questions like: “What is XCCDF, OVAL, and OCIL?” “How can you add your own custome rules?”
  • Prep your environment to submit patches back to SSG, including learning how to setup git and how to create a Fedora Hosted account.
  • Chat about what additional profiles are needed. How should we handle CNSSI 12-53? What about PCI compliance?

We’ll go through Red Hat Enterprise Linux 6 SCAP content, including the STIG, performing scans, and generating C&A artifacts. Attendees can take this setup home and use it to start providing feedback against the RHEL6 STIG.

Sign up for the workshop!
Date: Tuesday March 26, 2013, with three 2-hour workshop intervals to choose from. Limited availability per session!

MORNING SESSION: Red Hat Office, 8260 Greensboro Drive, Suite 300, McLean, VA
Morning 0800-1000

AFTERNOON SESSIONS: NSA unclassified facility in the BWI area. Address will be sent to registered attendees.
Afternoon: 1200 – 1400
Afternoon: 1430 – 1630

Registration at:

Tags: , , ,