PaulDotCom mailing list archives
do you follow nist docs?
From: rgula at tenablesecurity.com (Ron Gula)
Date: Fri, 30 Oct 2009 20:48:24 -0400
Michael Dickey wrote:
I don't want to usurp Tim's post, but with the mention of NIST, it brings up a question I've always had. Does anyone truly adhere to and build systems based off NIST docs? I'm not talking "inspired by" builds that take a handful of the settings and use them, but actually building to the specs such that you can say your build guide is NIST? This is a bit of a sanity check for me, as I'm skeptical. Don't get me wrong, I'm not dissing NIST! They make for great reading! (Usually.)
Folks in the DOD and US government surely do. We often get support requests to update our Nessus audit policies for Oracle and MS SQL configs within a day or two after DISA releases new content. As DISA makes more XCCDF content, I also think you will see more adoption of those configuration audit settings commercially.

--
Ron Gula, CEO
Tenable Network Security