Mailing List Archive: DHHS FDCC audit policies

DHHS FDCC audit policies

Feb 13, 2009, 2:20 PM

Post #1 of 4 (11335 views)

Has anyone created a DHHS FDCC audit policy yet? It is close to the
FDCC but wonder if someone already did the leg work on creating it.

Thanks,
Ralph Chapman

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information or otherwise protected by law. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Re: DHHS FDCC audit policies [ In reply to ]

rgula at tenablesecurity

Feb 14, 2009, 5:17 AM

Post #2 of 4 (10823 views)

Permalink

Chapman, Ralph H wrote:
> Has anyone created a DHHS FDCC audit policy yet? It is close to the
> FDCC but wonder if someone already did the leg work on creating it.
>
> Thanks,
> Ralph Chapman

Hi Ralph,

If the DHHS has described their modifications to the FDCC audit
requirements in a SCAP compliant XCCDF format, you should be able
to use the Tenable xTool to convert this and create Nessus audit
polices. This tool is available to Security Center customers.

If the group you are working with is working directly with Nessus,
they may have created their own ".audit" file and could share this
with you if you are a Professional Feed or Security Center user.

There is a specific discussion group for configuration auditing
with Nessus at the Discussions forum:

https://discussions.nessus.org/index.jspa

Ron Gula
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

DHHS FDCC audit policies [ In reply to ]

Ralph.Chapman at ugswlp

Feb 18, 2009, 7:08 AM

Post #3 of 4 (10808 views)

Permalink

DHHS has not described their modifications to the FDCC audit
requirements in a SCAP compliant XCCDF format.

So, how do I create a XCCDF file that can be later converted using xTool
to an .audit file?

Thanks,
Ralph Chapman,

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information or otherwise protected by law. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Re: DHHS FDCC audit policies [ In reply to ]

rgula at tenablesecurity

Feb 18, 2009, 8:26 AM

Post #4 of 4 (10803 views)

Permalink

Chapman, Ralph H wrote:
> DHHS has not described their modifications to the FDCC audit
> requirements in a SCAP compliant XCCDF format.
>
> So, how do I create a XCCDF file that can be later converted using xTool
> to an .audit file?

Hi Ralph,

Tenable does not offer any guidance on writing polices in XCCDF. However,
we've written a great deal of SCAP and FDCC polices in the Nessus .audit
format which tests for the same configuration settings required by FDCC.
These are available on our Customer Support Portal. You'll also find
they are very easy to edit and understand.

Ron Gula
Tenable Network Security

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus