Hello all,
A few of items of discussion here:
1. Red Hat validates the shipped crypto modules in RHEL itself. CentOS Stream is the evolving next release of those same modules. However, because CentOS Stream is a developer-focused, evolving project, Red Hat will not be validating the CentOS Stream modules themselves. Any issues, bugs, functional or security problems discovered in CentOS Stream (including the crypto modules) would indeed be filed as bugs, and addressed in CentOS and RHEL.
2. While OpenSCAP and the profiles we build will be included in CentOS Stream, they are treated as upstream from a support perspective. Our work flow still starts with the Compliance As Code GIT repository upstream, through CentOS Stream and into RHEL.
3. To be clear, code modifications and changes required to obtain certifications such as FIPS and Common Criteria will certainly be reflected in CentOS Stream (as all changes are, with the exception of embargoed content). But the certifications themselves will only ever be done on RHEL itself as that is the stable, long term supported release.
On 1/5/21 5:30 PM, Jeffrey Hawkins wrote:
Hi Mark,
Related topic....
Do you know if the FIPS Software Modules/Libraries that RedHat certifies RHEL8.x will be included in CENTOS Stream (similar to existing CENTOS approach), or will CENTOS Stream have different Crypto Software?   Also, any nuances or strategy changes we may need to be aware of as to OpenScap and Benchmarks for CENTOS Stream?
Jeff
*From:* Mark Thacker mthacker@redhat.com *Sent:* Sunday, December 27, 2020 8:05 AM *To:* SCAP Security Guide scap-security-guide@lists.fedorahosted.org; Ted Brunell tbrunell@redhat.com *Subject:* Re: Any rumors on next draft for RHEL 8 STIG from DISA?
Hi all,
An update :
- RHEL 8 Common Criteria is in process and we expect to complete and
announce in EARLY Q1 CY2021
- RHEL 8 FIPS is finishing now! Actually, two of our certs are in hand
now for RHEL 8 with three more in the final stages (in Coordination state). We expect to push a press release when we have all of the module validation certificates completed.
Again, expect that we will announce more publicly when we have completed the certifications for each of these standards.
On 12/2/20 4:30 PM, Ted Brunell wrote:
I cannot really talk much about CC and FIPS, but the STIG is expected to be published by DISA (based on the draft STIG content on RHEL 8.2 and 8.3) sometime early next year.
DISA may be able to provide a more concise timeframe. (disa.stig_spt@mail.mil mailto:disa.stig_spt@mail.mil).
R/
Ted Brunell
On Wed, Dec 2, 2020 at 12:14 PM Hayden,Robert <RHAYDEN@cerner.com mailto:RHAYDEN@cerner.com> wrote:
Curious on if anyone has any information on the next draft release from DISA on RHEL 8 STIG benchmarks? The one in May was pretty rough and did not really match where the current upstream was moving towards. Thanks in advance Robert *Robert Hayden*| Lead Technology Architect | Cerner Corporation CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024. _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org <mailto:scap-security-guide@lists.fedorahosted.org> To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org <mailto:scap-security-guide-leave@lists.fedorahosted.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ <https://docs.fedoraproject.org/en-US/project/code-of-conduct/> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines <https://fedoraproject.org/wiki/Mailing_list_guidelines> List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org <https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org>
scap-security-guide mailing list --scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email toscap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
--
Mark Thacker
He/Him
Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux
Red Hat https://www.redhat.com
mthacker@redhat.com mailto:mthacker@redhat.com M: +1-214-636-7004 tel:+1-214-636-7004 Twitter / IRC: @thackman
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
A note of clarification, for the FIPS certification, the hardware that the software is built on matters so re-rolling it yourself and/or the CentOS "binary compatible" rolls aren't part of the certified package.
Do they meet the functional requirements....probably.
Do they meet the legal requirements (NIST 800-53, etc...)....no.
Trevor
On Wed, Jan 6, 2021 at 9:51 AM Mark Thacker mthacker@redhat.com wrote:
Hello all,
A few of items of discussion here:
- Red Hat validates the shipped crypto modules in RHEL itself. CentOS
Stream is the evolving next release of those same modules. However, because CentOS Stream is a developer-focused, evolving project, Red Hat will not be validating the CentOS Stream modules themselves. Any issues, bugs, functional or security problems discovered in CentOS Stream (including the crypto modules) would indeed be filed as bugs, and addressed in CentOS and RHEL.
- While OpenSCAP and the profiles we build will be included in CentOS
Stream, they are treated as upstream from a support perspective. Our work flow still starts with the Compliance As Code GIT repository upstream, through CentOS Stream and into RHEL.
- To be clear, code modifications and changes required to obtain
certifications such as FIPS and Common Criteria will certainly be reflected in CentOS Stream (as all changes are, with the exception of embargoed content). But the certifications themselves will only ever be done on RHEL itself as that is the stable, long term supported release.
On 1/5/21 5:30 PM, Jeffrey Hawkins wrote:
Hi Mark,
Related topic....Â
Do you know if the FIPS Software Modules/Libraries that RedHat certifies RHEL8.x will be included in CENTOS Stream (similar to existing CENTOS approach), or will CENTOS Stream have different Crypto Software?   Also, any nuances or strategy changes we may need to be aware of as to OpenScap and Benchmarks for CENTOS Stream?
Jeff
*From:* Mark Thacker mthacker@redhat.com mthacker@redhat.com *Sent:* Sunday, December 27, 2020 8:05 AM *To:* SCAP Security Guide scap-security-guide@lists.fedorahosted.org scap-security-guide@lists.fedorahosted.org; Ted Brunell tbrunell@redhat.com tbrunell@redhat.com *Subject:* Re: Any rumors on next draft for RHEL 8 STIG from DISA? Â
Hi all,
An update :
- RHEL 8 Common Criteria is in process and we expect to complete and
announce in EARLY Q1 CY2021
- RHEL 8 FIPS is finishing now! Actually, two of our certs are in hand now
for RHEL 8 with three more in the final stages (in Coordination state). We expect to push a press release when we have all of the module validation certificates completed.
Again, expect that we will announce more publicly when we have completed the certifications for each of these standards.
On 12/2/20 4:30 PM, Ted Brunell wrote:
I cannot really talk much about CC and FIPS, but the STIG is expected to be published by DISA (based on the draft STIG content on RHEL 8.2 and 8.3) sometime early next year.
DISA may be able to provide a more concise timeframe. ( disa.stig_spt@mail.mil).
R/
Ted Brunell
On Wed, Dec 2, 2020 at 12:14 PM Hayden,Robert RHAYDEN@cerner.com wrote:
Curious on if anyone has any information on the next draft release from DISA on RHEL 8 STIG benchmarks? The one in May was pretty rough and did not really match where the current upstream was moving towards.
Â
Thanks in advance
Robert
Â
*Robert Hayden* | Lead Technology Architect | Cerner Corporation
 Â
CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024. _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
--
Mark Thacker
He/Him
Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux
Red Hat https://www.redhat.com
mthacker@redhat.com  M: +1-214-636-7004   Twitter / IRC: @thackman https://www.redhat.com
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
--
Mark Thacker
He/Him
Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux
Red Hat https://www.redhat.com
mthacker@redhat.com  M: +1-214-636-7004   Twitter / IRC: @thackman https://www.redhat.com _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
Trevor, That is most interesting. I fully understand a desire to only accept the certification on select hardware as choosing the wrong hardware (e.g. ARM with a different IP stack) might lack important key handling features like anti-tamper. I'm not sure I see why the compile-time **hardware** makes a significant difference, given the state of cross-compilers. I would think that the compile-time **software** would have the greatest influence as it a direct vector for supply chain attacks. I've been skimming the FIPS 140-2 doc and the best I can see is that compile-time hardware is part of "Design Assurance" (Table 1 and section 4.10). All of the other documentation I can see refers to the operating environment or designing towards a particular (hostile) environment.
I don't doubt that what you say is true given the list of unwritten rules most organizations have. I'm curious about the basis for such a rule. If you know and have time to educate, I would be most fascinated to understand the reasoning.
Thanks, Charlie Todd CISSP, Ball Aerospace
-----Original Message----- From: Trevor Vaughan tvaughan@onyxpoint.com Sent: Wednesday, January 6, 2021 9:51 AM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Cc: Jeffrey Hawkins rtswguru@hotmail.com; Ted Brunell tbrunell@redhat.com Subject: [EXTERNAL] Re: Any rumors on next draft for RHEL 8 STIG from DISA?
A note of clarification, for the FIPS certification, the hardware that the software is built on matters so re-rolling it yourself and/or the CentOS "binary compatible" rolls aren't part of the certified package.
Do they meet the functional requirements....probably.
Do they meet the legal requirements (NIST 800-53, etc...)....no.
Trevor
On Wed, Jan 6, 2021 at 9:51 AM Mark Thacker <mthacker@redhat.com mailto:mthacker@redhat.com > wrote:
Hello all,
A few of items of discussion here:
1. Red Hat validates the shipped crypto modules in RHEL itself. CentOS Stream is the evolving next release of those same modules. However, because CentOS Stream is a developer-focused, evolving project, Red Hat will not be validating the CentOS Stream modules themselves. Any issues, bugs, functional or security problems discovered in CentOS Stream (including the crypto modules) would indeed be filed as bugs, and addressed in CentOS and RHEL.
2. While OpenSCAP and the profiles we build will be included in CentOS Stream, they are treated as upstream from a support perspective. Our work flow still starts with the Compliance As Code GIT repository upstream, through CentOS Stream and into RHEL.
3. To be clear, code modifications and changes required to obtain certifications such as FIPS and Common Criteria will certainly be reflected in CentOS Stream (as all changes are, with the exception of embargoed content). But the certifications themselves will only ever be done on RHEL itself as that is the stable, long term supported release.
On 1/5/21 5:30 PM, Jeffrey Hawkins wrote:
Hi Mark,
Related topic....Â
Do you know if the FIPS Software Modules/Libraries that RedHat certifies RHEL8.x will be included in CENTOS Stream (similar to existing CENTOS approach), or will CENTOS Stream have different Crypto Software?   Also, any nuances or strategy changes we may need to be aware of as to OpenScap and Benchmarks for CENTOS Stream?
Jeff
________________________________
From: Mark Thacker mthacker@redhat.com mailto:mthacker@redhat.com Sent: Sunday, December 27, 2020 8:05 AM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org ; Ted Brunell tbrunell@redhat.com mailto:tbrunell@redhat.com Subject: Re: Any rumors on next draft for RHEL 8 STIG from DISA? Â
Hi all,
An update :
* RHEL 8 Common Criteria is in process and we expect to complete and announce in EARLY Q1 CY2021
* RHEL 8 FIPS is finishing now! Actually, two of our certs are in hand now for RHEL 8 with three more in the final stages (in Coordination state). We expect to push a press release when we have all of the module validation certificates completed.
Again, expect that we will announce more publicly when we have completed the certifications for each of these standards.
On 12/2/20 4:30 PM, Ted Brunell wrote:
I cannot really talk much about CC and FIPS, but the STIG is expected to be published by DISA (based on the draft STIG content on RHEL 8.2 and 8.3) sometime early next year. DISA may be able to provide a more concise timeframe. (disa.stig_spt@mail.mil mailto:disa.stig_spt@mail.mil ).
R/
Ted Brunell
On Wed, Dec 2, 2020 at 12:14 PM Hayden,Robert <RHAYDEN@cerner.com mailto:RHAYDEN@cerner.com > wrote:
Curious on if anyone has any information on the next draft release from DISA on RHEL 8 STIG benchmarks? The one in May was pretty rough and did not really match where the current upstream was moving towards.
Â
Thanks in advance
Robert
Â
Robert Hayden | Lead Technology Architect | Cerner Corporation
Â
Â
CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
--
Mark Thacker
He/Him
Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux
mthacker@redhat.com mailto:mthacker@redhat.com   M: +1-214-636-7004 tel:+1-214-636-7004   Twitter / IRC: @thackman
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
--
Mark Thacker
He/Him
Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux
mthacker@redhat.com mailto:mthacker@redhat.com   M: +1-214-636-7004   Twitter / IRC: @thackman
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=k36w8dImXhR211kEZjaEM-BOryztJhHEjAfsn5dOToo&e= _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
Another FIPS thing that is subtle but may come in late in your purchase cycle to bite you is: Is the supervisory module of a server FIPS-compliant? This is a board with its own processor and memory.
For example, HPE's iLO4: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2574.pdf
It matters for both setup (at beginning of use) and sanitizing (at end of use).
Regards, Scott -- Scott Packard | Sr Principal Engr Comm Systems Northrop Grumman Corporation | Space Systems O: 626-812-1703 | scott.packard@ngc.com | email2text: 6262200032@usamobility.net
-----Original Message----- From: Todd, Charles CTODD@ball.com Sent: Wednesday, January 6, 2021 7:13 AM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Cc: Jeffrey Hawkins rtswguru@hotmail.com; Ted Brunell tbrunell@redhat.com Subject: EXT :RE: [EXTERNAL] Re: Any rumors on next draft for RHEL 8 STIG from DISA?
Trevor, That is most interesting. I fully understand a desire to only accept the certification on select hardware as choosing the wrong hardware (e.g. ARM with a different IP stack) might lack important key handling features like anti-tamper. I'm not sure I see why the compile-time **hardware** makes a significant difference, given the state of cross-compilers. I would think that the compile-time **software** would have the greatest influence as it a direct vector for supply chain attacks. I've been skimming the FIPS 140-2 doc and the best I can see is that compile-time hardware is part of "Design Assurance" (Table 1 and section 4.10). All of the other documentation I can see refers to the operating environment or designing towards a particular (hostile) environment.
I don't doubt that what you say is true given the list of unwritten rules most organizations have. I'm curious about the basis for such a rule. If you know and have time to educate, I would be most fascinated to understand the reasoning.
Thanks, Charlie Todd CISSP, Ball Aerospace
-----Original Message----- From: Trevor Vaughan tvaughan@onyxpoint.com Sent: Wednesday, January 6, 2021 9:51 AM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Cc: Jeffrey Hawkins rtswguru@hotmail.com; Ted Brunell tbrunell@redhat.com Subject: [EXTERNAL] Re: Any rumors on next draft for RHEL 8 STIG from DISA?
A note of clarification, for the FIPS certification, the hardware that the software is built on matters so re-rolling it yourself and/or the CentOS "binary compatible" rolls aren't part of the certified package.
Do they meet the functional requirements....probably.
Do they meet the legal requirements (NIST 800-53, etc...)....no.
Trevor
On Wed, Jan 6, 2021 at 9:51 AM Mark Thacker <mthacker@redhat.com mailto:mthacker@redhat.com > wrote:
Hello all,
A few of items of discussion here:
1. Red Hat validates the shipped crypto modules in RHEL itself. CentOS Stream is the evolving next release of those same modules. However, because CentOS Stream is a developer-focused, evolving project, Red Hat will not be validating the CentOS Stream modules themselves. Any issues, bugs, functional or security problems discovered in CentOS Stream (including the crypto modules) would indeed be filed as bugs, and addressed in CentOS and RHEL.
2. While OpenSCAP and the profiles we build will be included in CentOS Stream, they are treated as upstream from a support perspective. Our work flow still starts with the Compliance As Code GIT repository upstream, through CentOS Stream and into RHEL.
3. To be clear, code modifications and changes required to obtain certifications such as FIPS and Common Criteria will certainly be reflected in CentOS Stream (as all changes are, with the exception of embargoed content). But the certifications themselves will only ever be done on RHEL itself as that is the stable, long term supported release.
On 1/5/21 5:30 PM, Jeffrey Hawkins wrote:
Hi Mark,
Related topic....Â
Do you know if the FIPS Software Modules/Libraries that RedHat certifies RHEL8.x will be included in CENTOS Stream (similar to existing CENTOS approach), or will CENTOS Stream have different Crypto Software?   Also, any nuances or strategy changes we may need to be aware of as to OpenScap and Benchmarks for CENTOS Stream?
Jeff
________________________________
From: Mark Thacker mthacker@redhat.com mailto:mthacker@redhat.com Sent: Sunday, December 27, 2020 8:05 AM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org ; Ted Brunell tbrunell@redhat.com mailto:tbrunell@redhat.com Subject: Re: Any rumors on next draft for RHEL 8 STIG from DISA? Â
Hi all,
An update :
* RHEL 8 Common Criteria is in process and we expect to complete and announce in EARLY Q1 CY2021
* RHEL 8 FIPS is finishing now! Actually, two of our certs are in hand now for RHEL 8 with three more in the final stages (in Coordination state). We expect to push a press release when we have all of the module validation certificates completed.
Again, expect that we will announce more publicly when we have completed the certifications for each of these standards.
On 12/2/20 4:30 PM, Ted Brunell wrote:
I cannot really talk much about CC and FIPS, but the STIG is expected to be published by DISA (based on the draft STIG content on RHEL 8.2 and 8.3) sometime early next year. DISA may be able to provide a more concise timeframe. (disa.stig_spt@mail.mil mailto:disa.stig_spt@mail.mil ).
R/
Ted Brunell
On Wed, Dec 2, 2020 at 12:14 PM Hayden,Robert <RHAYDEN@cerner.com mailto:RHAYDEN@cerner.com > wrote:
Curious on if anyone has any information on the next draft release from DISA on RHEL 8 STIG benchmarks? The one in May was pretty rough and did not really match where the current upstream was moving towards.
Â
Thanks in advance
Robert
Â
Robert Hayden | Lead Technology Architect | Cerner Corporation
Â
Â
CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
--
Mark Thacker
He/Him
Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux
mthacker@redhat.com mailto:mthacker@redhat.com   M: +1-214-636-7004 tel:+1-214-636-7004   Twitter / IRC: @thackman
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
--
Mark Thacker
He/Him
Team Lead & Security Experience Product Manager, Red Hat Enterprise Linux
mthacker@redhat.com mailto:mthacker@redhat.com   M: +1-214-636-7004   Twitter / IRC: @thackman
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=k36w8dImXhR211kEZjaEM-BOryztJhHEjAfsn5dOToo&e= _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org mailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto:scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_en-2DUS_project_code-2Dof-2Dconduct_&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=rHvTwk8Zk5ddNG4nhLUNHKCGNhW58Jyab6h3rrK-XKA&e= List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=bCYDCfFXnTixcuxaa7D3bgd69UOcffRlVGxvp43bbKk&e= List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwMFaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=-zf1zdck1CLacFeYkvymJ_9mX8Ub31QPIr4KgF7bpJg&s=BDpyybgKu8ScdvZNy1iey3HKAr2k5GyoY8ZzW6arQPc&e=
Todd,
It's been a long time since I've traced the whole thing (hopefully 140-3 is clearer) but IIRC it came down to the assurance of the build process as certified by NIST.
Technically, your local security officer(s) can probably evaluate your entire local stack and waive that part of the requirement. However, they would probably have to coordinate with NIST directly to meet the 800-171/CNSSI 1253 requirements for NIST/NSA approved cryptography and I don't really see that working in reality.
Trevor
On Wed, Jan 6, 2021 at 10:13 AM Todd, Charles CTODD@ball.com wrote:
Trevor, That is most interesting. I fully understand a desire to only accept the certification on select hardware as choosing the wrong hardware (e.g. ARM with a different IP stack) might lack important key handling features like anti-tamper. I'm not sure I see why the compile-time **hardware** makes a significant difference, given the state of cross-compilers. I would think that the compile-time **software** would have the greatest influence as it a direct vector for supply chain attacks. I've been skimming the FIPS 140-2 doc and the best I can see is that compile-time hardware is part of "Design Assurance" (Table 1 and section 4.10). All of the other documentation I can see refers to the operating environment or designing towards a particular (hostile) environment.
I don't doubt that what you say is true given the list of unwritten rules most organizations have. I'm curious about the basis for such a rule. If you know and have time to educate, I would be most fascinated to understand the reasoning.
Thanks, Charlie Todd CISSP, Ball Aerospace
-----Original Message----- From: Trevor Vaughan tvaughan@onyxpoint.com Sent: Wednesday, January 6, 2021 9:51 AM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Cc: Jeffrey Hawkins rtswguru@hotmail.com; Ted Brunell < tbrunell@redhat.com> Subject: [EXTERNAL] Re: Any rumors on next draft for RHEL 8 STIG from DISA?
A note of clarification, for the FIPS certification, the hardware that the software is built on matters so re-rolling it yourself and/or the CentOS "binary compatible" rolls aren't part of the certified package.
Do they meet the functional requirements....probably.
Do they meet the legal requirements (NIST 800-53, etc...)....no.
Trevor
On Wed, Jan 6, 2021 at 9:51 AM Mark Thacker <mthacker@redhat.com mailto: mthacker@redhat.com > wrote:
Hello all, A few of items of discussion here: 1. Red Hat validates the shipped crypto modules in RHEL itself.
CentOS Stream is the evolving next release of those same modules. However, because CentOS Stream is a developer-focused, evolving project, Red Hat will not be validating the CentOS Stream modules themselves. Any issues, bugs, functional or security problems discovered in CentOS Stream (including the crypto modules) would indeed be filed as bugs, and addressed in CentOS and RHEL.
2. While OpenSCAP and the profiles we build will be included in
CentOS Stream, they are treated as upstream from a support perspective. Our work flow still starts with the Compliance As Code GIT repository upstream, through CentOS Stream and into RHEL.
3. To be clear, code modifications and changes required to obtain
certifications such as FIPS and Common Criteria will certainly be reflected in CentOS Stream (as all changes are, with the exception of embargoed content). But the certifications themselves will only ever be done on RHEL itself as that is the stable, long term supported release.
On 1/5/21 5:30 PM, Jeffrey Hawkins wrote: Hi Mark, Related topic.... Do you know if the FIPS Software Modules/Libraries that
RedHat certifies RHEL8.x will be included in CENTOS Stream (similar to existing CENTOS approach), or will CENTOS Stream have different Crypto Software?   Also, any nuances or strategy changes we may need to be aware of as to OpenScap and Benchmarks for CENTOS Stream?
Jeff
From: Mark Thacker <mthacker@redhat.com> <mailto:
mthacker@redhat.com> Sent: Sunday, December 27, 2020 8:05 AM To: SCAP Security Guide < scap-security-guide@lists.fedorahosted.org> mailto: scap-security-guide@lists.fedorahosted.org ; Ted Brunell < tbrunell@redhat.com> mailto:tbrunell@redhat.com Subject: Re: Any rumors on next draft for RHEL 8 STIG from DISA? Â
Hi all, An update : * RHEL 8 Common Criteria is in process and we expect to
complete and announce in EARLY Q1 CY2021
* RHEL 8 FIPS is finishing now! Actually, two of our certs
are in hand now for RHEL 8 with three more in the final stages (in Coordination state). We expect to push a press release when we have all of the module validation certificates completed.
Again, expect that we will announce more publicly when we
have completed the certifications for each of these standards.
On 12/2/20 4:30 PM, Ted Brunell wrote: I cannot really talk much about CC and FIPS, but
the STIG is expected to be published by DISA (based on the draft STIG content on RHEL 8.2 and 8.3) sometime early next year.
DISA may be able to provide a more concise
timeframe. (disa.stig_spt@mail.mil mailto:disa.stig_spt@mail.mil ).
R/ Ted Brunell On Wed, Dec 2, 2020 at 12:14 PM Hayden,Robert <
RHAYDEN@cerner.com mailto:RHAYDEN@cerner.com > wrote:
Curious on if anyone has any information
on the next draft release from DISA on RHEL 8 STIG benchmarks? The one in May was pretty rough and did not really match where the current upstream was moving towards.
 Thanks in advance Robert  Robert Hayden | Lead Technology Architect
| Cerner Corporation
  CONFIDENTIALITY NOTICE This message and
any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.
scap-security-guide mailing list --
scap-security-guide@lists.fedorahosted.org mailto: scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto: scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ < https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_...
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines < https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_...
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... < https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_...
_______________________________________________ scap-security-guide mailing list --
scap-security-guide@lists.fedorahosted.org mailto: scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto: scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ < https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_...
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines < https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_...
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... < https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_...
-- Mark Thacker He/Him Team Lead & Security Experience Product Manager, Red Hat
Enterprise Linux
Red Hat <
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com&d=Dw...
mthacker@redhat.com <mailto:mthacker@redhat.com> Â Â M: +1-214-636-7004 <tel:+1-214-636-7004> Â Â Twitter /
IRC: @thackman
< https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com&d=Dw...
_______________________________________________ scap-security-guide mailing list --
scap-security-guide@lists.fedorahosted.org mailto: scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto: scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ < https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_...
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines < https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_...
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... < https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_...
-- Mark Thacker He/Him Team Lead & Security Experience Product Manager, Red Hat
Enterprise Linux
Red Hat <
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com&d=Dw...
mthacker@redhat.com <mailto:mthacker@redhat.com> Â Â M: +1-214-636-7004 Â Â Twitter / IRC: @thackman
< https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com&d=Dw...
_______________________________________________ scap-security-guide mailing list --
scap-security-guide@lists.fedorahosted.org mailto: scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org mailto: scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ < https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.fedoraproject.org_...
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines < https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_...
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor... < https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_...
--
Trevor Vaughan Vice President, Onyx Point, Inc
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
This message and any enclosures are intended only for the addressee. Please notify the sender by email if you are not the intended recipient. If you are not the intended recipient, you may not use, copy, disclose, or distribute this message or its contents or enclosures to any other person and any such actions may be unlawful. Ball reserves the right to monitor and review all messages and enclosures sent to or from this email address. _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
scap-security-guide@lists.fedorahosted.org