Re: [Fed-Talk] FISMA SP 800-53 Audit configurations?
Re: [Fed-Talk] FISMA SP 800-53 Audit configurations?
- Subject: Re: [Fed-Talk] FISMA SP 800-53 Audit configurations?
- From: Peter Thoenen <email@hidden>
- Date: Mon, 01 Oct 2012 16:16:22 -1000
I think your confused on NIST SP 800-53 requirements nor are you ever going to find a config that addresses it all given most of the requirements are tailored to your specific A&A package and having nothing to do with technical settings. The AU controls for example are always going to be specific to your org. The best you are going to get is something for CM-6 which refers to NIST SP800-70 rev2 which establishes the NCP which, under the order of precedence for choosing a configuration baseline, would require you to use the DOD DISA OSX STIG[1] or the NSA OSX[2] config .. pick your poison. The NSA one is easy to parse but the STIG is in XCDFF format which rocks from an audit perspective. One day USGCB will get around to publishing something useful for OSX but until then, you are stuck with one of those two per OOP.
-Peter
On Mon, Oct 1, 2012 at 2:49 PM, Todd Heberlein
<email@hidden> wrote:
Googling has failed me, so I'm hoping someone on this list can provide me with some information.
I'm looking for guidelines for BSM auditing configurations for Macs to meet the low, moderate, and high control baselines to meet FISMA requirements (per NIST SP 800-53 controls AU-2 and AU-3). Any pointers?
Thanks,
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden