Re: [Fed-Talk] STIG Viewer 3 on MacOS
- Subject: Re: [Fed-Talk] STIG Viewer 3 on MacOS
- From: Todd Cole via Fed-talk <email@hidden>
- Date: Tue, 17 Oct 2023 14:56:43 +0000
- Thread-topic: [Fed-Talk] STIG Viewer 3 on MacOS
I agree on the support for MSCP.
DISA has agreed this summer to work with the MSCP teams on the new STIG but I
am not aware of where they are in the process currently. I know that the
Dev_Sonoma DISA STIG is on the MSCP site as well as the Ventura STIG.
According to the DISA FAQ page in the absence of a STIG for the current OS a
previous one is acceptable (hence the Ventura reference) and then you can
compare the DEV info as a note on a package to an AO.
An alternative path would be to use the Sonoma 800-53 Baseline and then diff out
the 5 or so items that are STIG specific (I believe that is the number still)
and let your AO know that the Baseline via 800-53 (High/Moderate/Low) is
already the NIST standard/mandate and then show the delta to the STIG so they
can understand the risk.
Just a few thoughts on how to move forward while we wait for DISA to finish.
Thanks
T
Todd Cole CISSP
US DoD and Intelligence Team
iPhone - (703) 343-6762
email@hidden <mailto:email@hidden>
Sent from my Mac
Built Secure, Designed to Work
Apple DC Office
700 K Street NW, 7th Floor
Washington, DC 20001
Apple Platform Deployment Guide:
https://support.apple.com/guide/deployment/welcome/web
Online Apple Training Content:
https://it-training.apple.com/tutorials/apt-deployment
Apple Platform Security: https://support.apple.com/guide/security/welcome/web
Apple Platform Certifications: https://support.apple.com/guide/certifications/welcome/web
Network Settings Needed for Apple Products:
https://support.apple.com/en-us/HT210060
Ports and Addresses for Push Notifications:
https://support.apple.com/en-us/HT203609
AppleCare OS Support Information:
https://www.apple.com/support/professional/it-departments/
Distributing Custom Apps: https://developer.apple.com/custom-apps/
889 Compliance Statement: https://www.apple.com/legal/more-resources/gtc.html
Enterprise AppleCare support number: 877-218-1190
Apple Support site for Unlocking a device (Not supervised/managed device, do
that via AppleCare)
https://al-support.apple.com/#/additional-support
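The "diff out the STIG-specific items and show the delta to the AO" step above can be done mechanically against the MSCP baseline files. The script below is an added example for this thread, not code from the list or from the usnistgov/macos_security project. It assumes the layout MSCP baseline YAML files use (a top-level `profile:` list whose entries carry a `section:` name and a `rules:` list of rule identifiers) and reads only that subset with a small line-based reader, so no YAML library is required. The two embedded baselines are constructed samples, not the real Sonoma 800-53 or STIG baselines, and the STIG-only rule names in them are hypothetical.

```python
"""Compute the rule delta between two MSCP-style baselines.

Added example (not mailing-list or macos_security project code). Assumes the
MSCP baseline YAML layout: a top-level `profile:` list of sections, each with
a `rules:` list of rule identifiers. Sample baselines are constructed.
"""
import re
from typing import Dict, List

# Constructed sample: a trimmed 800-53 (Moderate) style baseline.
BASELINE_800_53 = """\
title: "macOS 14.0: Security Configuration - NIST 800-53r5 Moderate (constructed sample)"
profile:
  - section: "auditing"
    rules:
      - audit_acls_files_configure
      - audit_auditd_enabled
  - section: "system_settings"
    rules:
      - system_settings_firewall_enable
      - system_settings_screensaver_timeout_enforce
"""

# Constructed sample: a trimmed STIG style baseline that shares every rule
# above and adds two hypothetical STIG-only rules.
BASELINE_STIG = """\
title: "macOS 14.0: Security Configuration - DISA STIG (constructed sample)"
profile:
  - section: "auditing"
    rules:
      - audit_acls_files_configure
      - audit_auditd_enabled
      - audit_retention_configure  # hypothetical STIG-only rule
  - section: "system_settings"
    rules:
      - system_settings_firewall_enable
      - system_settings_screensaver_timeout_enforce
      - system_settings_login_window_banner_enable  # hypothetical STIG-only rule
"""

# `- section: "name"` (quotes optional) and `- rule_identifier  # optional comment`
_SECTION_RE = re.compile(r'^\s*-\s*section:\s*"?([^"#]+?)"?\s*$')
_RULE_RE = re.compile(r'^\s*-\s*([A-Za-z0-9_]+)\s*(?:#.*)?$')


def load_rules(baseline_text: str) -> Dict[str, str]:
    """Map each rule id listed under `profile:` to the section it sits in."""
    rules: Dict[str, str] = {}
    in_profile = False
    section = ""
    for line in baseline_text.splitlines():
        if not in_profile:
            # Skip title/description/authors until the profile list starts.
            in_profile = line.strip() == "profile:"
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = _RULE_RE.match(line)
        if m and section:
            rules[m.group(1)] = section
    return rules


def baseline_delta(base_text: str, other_text: str) -> Dict[str, List[str]]:
    """Rules only in `other` (the STIG), only in `base` (800-53), and shared."""
    base, other = load_rules(base_text), load_rules(other_text)
    return {
        "only_in_other": sorted(set(other) - set(base)),
        "only_in_base": sorted(set(base) - set(other)),
        "shared": sorted(set(base) & set(other)),
    }


def delta_report(base_text: str, other_text: str) -> str:
    """Plain-text summary for an AO: what the STIG adds on top of the baseline."""
    delta = baseline_delta(base_text, other_text)
    other = load_rules(other_text)
    lines = [
        f"shared rules: {len(delta['shared'])}",
        f"rules only in base: {len(delta['only_in_base'])}",
        f"rules only in STIG: {len(delta['only_in_other'])}",
    ]
    for rule in delta["only_in_other"]:
        lines.append(f"  + {rule} ({other[rule]})")
    for rule in delta["only_in_base"]:
        lines.append(f"  - {rule}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Run against real files by reading them into the two text arguments.
    print(delta_report(BASELINE_800_53, BASELINE_STIG))
```

Running it against the real baseline files (read from disk into the two text arguments) gives the list of rule identifiers the STIG adds, which is the delta the message suggests putting in front of the AO; each rule's own YAML in the project then supplies the check and fix text for the risk discussion.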
> On Oct 17, 2023, at 9:02 AM, Rowe, Walter P. (Fed) via Fed-talk
> <email@hidden> wrote:
>
> DISA should adopt support for OSCAL (https://pages.nist.gov/OSCAL/).
>
> Perhaps DISA also should participate in this project.
>
> https://github.com/usnistgov/macos_security/tree/main
>
> It would seem smarter to leverage a tool that already addresses numerous
> baselines.
>
> Walter
> --
> Walter Rowe, Div. Chief, Infrastructure Services
> National Institute of Standards and Technology
> United States Department of Commerce
>
>> On Oct 12, 2023, at 2:18 PM, Ken Hornstein via Fed-talk
>> <email@hidden> wrote:
>>
>>> I have had this conversation many times with DISA. I have found
>>> this workaround to function, but don’t make any claim on its
>>> implementation. The right thing is for DISA to do the work and get
>>> STIGViewer back on macOS (this community can help show the need.)
>>
>> Unfortunately this doesn't help; that's just the instructions to run
>> the Java STIG viewer (which AFAIK is just what everyone is doing
>> right now). That doesn't support the new JSON-format checklists
>> which are only on the STIGViewer 3 (but as far as I can tell all of
>> the other tooling that slurps in checklists doesn't support the
>> new format either, so at least for us it's not urgent).
>>
>> I can appreciate that some of the responsibility is on _us_, the
>> collective MacOS X user community, to push DISA to support MacOS. But
>> what I'm unclear on is exactly what is the most effective mechanism to
>> accomplish that. It seems like the strategies tried so far, which
>> include (a) filing a support request with DISA, (b) complaining on
>> fed-talk, and (c) screaming at the heavens, haven't been successful
>> so far. I'm open to suggestions!
>>
>> --Ken
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/fed-talk/email@hidden
>>
>> This email sent to email@hidden
>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature