With the recent DISA publication of the draft STIG, the timing seems right to host a STIG workshop. NSA IAD and Red Hat will be hosting a public STIG and SCAP workshop on Tuesday 26-MAR-2013. Additionally, DISA FSO will be in attendance to hear feedback from the community. You can register here:
In the March 26th workshop we will:
- Share knowledge on the installation of SCAP Security Guide (SSG). How to run a scan, how to customize settings, how to get a report that you can show your ISSE/ISSM, and hw to generate a certification test plan based on your customized rules.
- Go a bit deeper, and understand how the code works. Answering questions like: “What is XCCDF, OVAL, and OCIL?” “How can you add your own custome rules?”
- Prep your environment to submit patches back to SSG, including learning how to setup git and how to create a Fedora Hosted account.
- Chat about what additional profiles are needed. How should we handle CNSSI 12-53? What about PCI compliance?
We’ll go through Red Hat Enterprise Linux 6 SCAP content, including the STIG, performing scans, and generating C&A artifacts. Attendees can take this setup home and use it to start providing feedback against the RHEL6 STIG.
Sign up for the workshop!
Date: Tuesday March 26, 2013, with three 2-hour workshop intervals to choose from. Limited availability per session!
MORNING SESSION: Red Hat Office, 8260 Greensboro Drive, Suite 300, McLean, VA
AFTERNOON SESSIONS: NSA unclassified facility in the BWI area. Address will be sent to registered attendees.
Afternoon: 1200 – 1400
Afternoon: 1430 – 1630
Registration at: https://engage.redhat.com/forms/stig-workshop