[Pauldotcom] do you follow nist docs?
rgula at tenablesecurity.com
Sat Oct 31 00:48:24 UTC 2009
Michael Dickey wrote:
> I don't want to usurp Tim's post, but with the mention of NIST, it
> brings up a question I've always had.
> Does anyone truly adhere to and build systems based off NIST docs? I'm
> not talking "inspired by" builds that take a handful of the settings and
> use them, but actually building to the specs such that you can say your
> build guide is NIST? This is a bit of a sanity check for me, as I'm
> Don't get me wrong, I'm not dissing NIST! They make for great reading!
Folks in the DOD and US government surely do. We often get support
requests to update our Nessus audit policies for Oracle and MS SQL
configs within a day or two after DISA releases new content.
As DISA makes more XCCDF content, I also think you will see more
adoption of those configuration audit settings commercially.
Ron Gula, CEO
Tenable Network Security