Placing information systems on government networks requires system owners to follow the NIST Risk Management framework, or an agency-specific tailored variant of it. Following this framework requires extensive documentation — even the government provided “Guide for Applying the Risk Management Framework to Federal Information Systems” is 102 pages long! The OpenControl project was created to […]
Initial guidance on configuring RHEL7 against NIST 800-171/CUI has been developed. Below is a short(ish) background on NIST 800-171/Controlled Unclassified Information, sample security compliance guides and reports, and how you can give feedback (or participate!) on this work.