Re: [Fed-Talk] STIG Viewer 3 on MacOS
Re: [Fed-Talk] STIG Viewer 3 on MacOS
- Subject: Re: [Fed-Talk] STIG Viewer 3 on MacOS
- From: "Rowe, Walter P. \(Fed\) via Fed-talk" <email@hidden>
- Date: Tue, 17 Oct 2023 13:02:39 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ds9FAMgPsHG+pDzUrp4lxt+UqT8EcBJdiqC7YcG22F0=; b=Js4DEMgecFy2hSz3BKBeXFxXxnyGn3K9HgE25rdOYcOaaHOC8eYdIuOiPsa2ZuoMpozINuB+JaxnnJmYxdSnTMR4Q/O2M31vQQW9pKtnk4L/Po/1BVWJD8sZAW2nqqnJnnZ0WpYQ12zyF74/enZ2k9EEKUGE5nvjWScPTGx1kCfzNvgz90pqHFRpsq9ldxQhgZvbgKbIwW20bvZ38q75M+b/GKyIf0EaArK8hwiqzB11Rpt1y3YReVO2gT2FbFXt1eJYQY+n1nFDoELBTzXvGtjfcFhX+8G2r3znXX3MpaHusTGzYPSfKLZ2oNw1wY4u63bgpsBLdaLL41taHLA1Tg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Kg0m+KrwDZa0zlVZU+R3qxydrKbj7zG+lkZ03E9WbRq8qlkwSpLVE0Yc6e42WSmIY06OGh8WrRGp5Cd73zhEbMSkBx3RN5hpwS2M+NjgAQs5HBCFSp1yDatdbi7hAh9ruSZn86nysH7JSZVmWCtoRhxyZUkrNZCtojfYQ7asaPx2PmA/Jt7I0UV3zx8FQV4Rs4bHiPhb644TlBxVnJrbo25SYdkfoIlWzLK19zSDmteDjP1S76TSWdLf25g95Jcpx8qsI4ovW+vEXD6itx+GWVdZxiOr5uerfknuJnzR4eMQJy6kc7u1a0fg5wbQdvpaM0UhUe9q4/tmupkJ7Li7MQ==
- Thread-topic: [Fed-Talk] STIG Viewer 3 on MacOS
DISA should adopt support for OSCAL (https://pages.nist.gov/OSCAL/).
Perhaps DISA also should participate in this project.
https://github.com/usnistgov/macos_security/tree/main
It would seem smarter to leverage a tool that already addresses numerous
baselines.
Walter
--
Walter Rowe, Div. Chief, Infrastructure Services
National Institute of Standards and Technology
United States Department of Commerce
On Oct 12, 2023, at 2:18 PM, Ken Hornstein via Fed-talk
<email@hidden> wrote:
I have had this conversation many times with DISA. I have found
this workaround to function, but don’t make any claim on its
implementation. The right this is for DISA to do the work and get
STIGViewer back on macOS (this community can help show the need.)
Unfortunately this doesn't help; that's just the instructions to run
the Java STIG viewer (which AFAIK is just what everyone is doing
right now). That doesn't support the new JSON-format checklists
which are only on the STIGViewer 3 (but as far as I can tell all of
the other tooling that slurps in checklists doesn't support the
new format either, so at least for us it's not urgent).
I can appreciate that some of the responsibility is on _us_, the
collective MacOS X user community, to push DISA to support MacOS. But
what I'm unclear on is exactly what is the most effective mechanism to
accomplish that. It seems like the strategies tried so far, which
include (a) filing a support request with DISA, (b) complaining on
fed-talk, and (c) screaming at the heavens, hasn't been successful
so far. I'm open to suggestions!
--Ken
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
https://gcc02.safelinks.protection.outlook.com/?url=https://lists.apple.com/mailman/options/fed-talk/walter.rowe%40nist.gov&data=05|01|email@hidden|f756a72c5d8f4082d0a608dbcb4fc2df|2ab5d82fd8fa4797a93e054655c61dec|1|0|638327315674050548|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||&sdata=Fn7mSoD7v/1oAlFti0LQt9a2vRd50XecGHhjJBr82qw=&reserved=0
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden