PaulDotCom mailing list archives
Baseline Config Audit policy creation or modification
From: "Albert R. Campa" <abcampa () gmail com>
Date: Fri, 26 Jul 2013 08:28:03 -0500
Hello everyone. :)

I am doing some work on baseline/benchmark/compliance/config auditing, and I would like to get some experience feedback on editing/modification of these benchmarks. As you know, there are many standards (CIS, DISA, PCI, etc.) on many platforms (MS, Linux, DB, Cisco, etc.).

My questions for anyone who does this are the following:

Do you use default policies from CIS, DISA, etc. and run with that?
Do you use CIS, DISA, etc. as a start and then modify to org standards?
Or do you just create a baseline from scratch?

I created a blog post on this, showing my point of view using Nessus and Nexpose.
http://compusec.org/2013/07/25/configuration-benchmark-auditing-with-nexpose-and-nessus/

I also want to find out from you how useful a GUI would be to edit/create these audit policies. If you read the blog post you will see where I am coming from, as well as the Tenable/Rapid7 point of view. Hopefully we have some Nexpose users on this list. ;)

Thanks,
Albert Campa
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com