Before the consensus meeting next week, we should have the STIG-server
Profile expanded to include all items which bear CCIs.
Even though a few of these are not practical (such as disabling all USB
support), the conversation should start with a strict mapping of the SRG
requirements, captured in the STIG-server Profile.
Note: I've pushed the script that can identify Rules with references
which are missing from a Profile, but I'm not pushing the other part of
that commitset until we've been able to sync on how/when the Profile
updating (and likely reorganization between common and STIG-server)
should occur.
There are likely Rules for disabling service in the common Profile which
likely belong only in the desktop Profile, too (as these would be normal
for a server).
--
___________________________
Jeffrey Blank
410-854-8675
Technology and Systems Analysis / Network Components
NSA Information Assurance