Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Fed-Talk] CCC DSS Doc -Win to OS X Conversion - anyone???

We had to implement Sun versions of these STIGs for our DoD Sun environment.
Our local Certification and Accreditation authorities go by these STIGS for compliance to the requirements for Accreditation of our classified systems and networks.
 
Hopefully this helps.
 
http://iase.disa.mil/stigs/stig/mac-stig-v1r1.pdf
http://iase.disa.mil/stigs/checklist/index.html > Macintosh OS X Checklist
 

Dave 

 -----Original Message-----
From: fed-talk-bounces+david.lawlin=email@hidden [mailto:fed-talk-bounces+david.lawlin=email@hidden]On Behalf Of Jason Dickinson
Sent: Wednesday, May 04, 2005 11:15
To: email@hidden
Subject: [Fed-Talk] CCC DSS Doc -Win to OS X Conversion - anyone???

Hello everyone,
    I'm in the midst of actually implementing the DSS required stuff on my 10.3.x box.

I have the document titled "Windows 2000/XP - How to Enable Security and Auditing Requirements" from our DSS person. (I'm 90% certain the doc came from here: http://www.dss.mil/infoas/index.htm  The last item on the right column in the "Guidance" section)

I'm wondering if anyone on the list has already distilled this document down into a quick cheat sheet guide for how I would set up my Mac 10.3 machine. - What'd be really dreamy would be for someone to write up a GUI frontend for the auditing SETUP - I have the audit reader (from Apple).


I'll admit that most of it is very straightforward - using the System Preferences for example. The Password Policy stuff seems easy too.

But how about the "new" auditing stuff? I understand the editing of the "audit_control" file - the "flags"

BUT

I'm trying to match up the Windows lingo in the DSS guide with the Mac/BSD lingo.

For example - in Windows language I need to Audit:

                 Logon Events - success and failures

                 Account Management - success and failures

                 Directory Service - failures only

                 Logon Events Directory Services - success and failures

                 Object Access - failures only

                 Policy Change - success and failures

                 Privilege Use - success and failures

                 Process Tracking - failures only

                 System Events - success and failures


In the Mac OS X Audit Even Class Structure (Page 77 of the "Common Criteria Configuration and Administration Guide" the nomenclature is different.

Some of the Mac ones line up with the Windows - "lo" for example - Login/Logout. But some of the others are questionable. - "Policy Change?  - what might that one be? How about the rest of them?

ok - Thanks - I'm just trying to not reinvent the wheel here. If anyone's done it already - I would love to get some advice on getting it right to make DSS happy.

Jason


email@hidden


_____________________________________

Jason C. Dickinson

Terahertz Scientist

Submillimeter-Wave Technology Laboratory

University of Massachusetts Lowell

______________________________________



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/fed-talk/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.