Re: [Fed-Talk] OS X < 10.10 a "Critical" finding in ACAS
Re: [Fed-Talk] OS X < 10.10 a "Critical" finding in ACAS
- Subject: Re: [Fed-Talk] OS X < 10.10 a "Critical" finding in ACAS
- From: "Miller, Timothy J." <email@hidden>
- Date: Fri, 24 Oct 2014 18:07:45 +0000
- Thread-topic: [Fed-Talk] OS X < 10.10 a "Critical" finding in ACAS
>HBSS (ePO) is used as well, but I have a feeling for only a fraction of
>it’s capabilities. They provide a matrix showing which modules work /
>don’t work on various OSen. And I believe there are only two modules
>pushed by policy to Macs… Policy Auditor and Asset Baseline Monitor.
The lack of SCAP-validated auditing products in the Mac space is a known gap. Neither ePO or Nessus is SCAP validated on OS X (and Nessus' validation was for SCAP 1.0 anyway, which are all retired).
>What I don’t know is if Tenable / Nessus are the ones who are writing the
>plugins, or if a given customer can or do deploy their own. But that’s
>probably a moot point in this case.
IIRC, it's both a feed from Teneble (direct authorship and community-collected) and developed by the PMO. There's a community where you can discuss ACAS, including plugin issues:
https://disa.deps.mil/ext/cop/mae/netops/acas/SitePages/Components.aspx
CAC-required, natch.
-- T
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden