Category: compliance

Tackling compliance with OpenControl

Placing information systems on government networks requires system owners to follow the NIST Risk Management Framework, or an agency-specific tailored variant of it. Following this framework requires extensive documentation — even the government-provided “Guide for Applying the Risk Management Framework to Federal Information Systems” is 102 pages long! The OpenControl project was created to […]


Draft NIST 800-171 baseline for RHEL7

Initial guidance on configuring RHEL7 against NIST 800-171/CUI has been developed. Below is a short(ish) background on NIST 800-171/Controlled Unclassified Information, sample security compliance guides and reports, and how you can give feedback (or participate!) on this work.
