Still waiting for RedHat 6.0 to be released: The new program secstate looks very interesting. It is being published from Tresys which has a CLIP project in place. This is a version of RedHat which has been locked down based on the CIS benchmark or in this case the new FDCC / USGBC standard. The important thing is the use of puppet in both cases to manage the secure configuration.
I also like how they (Tresys) have mapped some of the CLIP security controls back to FISMA controls; So, with some sort of reporting on the status of the system, it is possible to automate reporting of how the system is doing in terms of FISMA.
No comments:
Post a Comment