[Announce] Community-based Settings Curation for OSX & iOS May 29, 2013

SCAP-On-Apple User and Dev Community,

(cross-post to Fed-Talk Community)

The day has finally come to begin digging in your heels with your shoulder to the grindstone!

Several have been working hard behind the scenes, for several months now, to establish a bulk of the initial settings for OSX and iOS for public review, discussion, modifications and ultimately for approval and posting to the data feeds provided from this project. We have had some time and resource constraints that have negatively impacted our ability to reach this point on our original target date. Now, your wait is over and we can all dig in our heels and move this effort forward in a joint effort to bring the best and brightest together in a concerted effort for Settings Curation.

I wanted to give everyone a bit of structure and guidance on how we plan to proceed to maximize our time, talents and goals for this project.

Flow of Settings Curation - Iterative Process

  1. Selection of the next BLOCK of settings [selection by SCAP Core Team]
  2. Generation of a Ticket here for each setting [for Tracking & Reference purposes]
  3. Blog posting here of next Settings Block [announce posting of next block]
  4. Daily Community Review & discussion here [Community review/discussion via List]
  5. Weekly Closeout of Review here [Tickets closed one week after creation]
  6. Post Curated Settings to Repository here [Post updated data repositories & feeds]

In addition to the users and developers in this community, this process will also have close involvement by individuals from NIST, NSA and SCAP Experts to ensure a solid review and submission process is accomplished.

Timing

You will notice that we are targeting a weekly closeout of settings. This will give us a ‘rolling review’ and ONE FULL WEEK for review/feedback/modifications of each setting. We do not anticipate any setting requiring more time than that for vetting, but if it does, we will place the settings ticket on hold for later followup.

CCEs

We plan to prefix the corresponding settings tickets with a designated CCE# which, among other things, will aid this community in long term tracking of activity and outcome for any given CCE / setting.

Data Feeds

The data feeds necessary for testing will also be pulled and hosted here as a ‘developing authoritative data feed’. Once we have completed our curated

We have several hundred settings right now and anticipate throughout this process that some may be significantly modified, dropped, added or approved as is. Guidance is that you jump right in on areas you are most knowledgable on and then progress to those you are unfamiliar or interested in learning more about with community discussion.

Tool Vendors

We encourage all tool vendors to participating and contribute validation feedback on all data tested from here against your own available tool sets. Right now this activity would be premature in the process, but keep this in mind for your organization’s resource planning.

We want to Thank You all in advance for waiting on us for so long and for your willingness to actively engage in the SCAP-On-Apple Project.

If for any reason you have questions or comments, please do not hesitate to send them directly to this list for community feedback as well. Contact / Admin email addresses are on the main wiki page - https://scap-on-apple.macosforge.org/trac/wiki

  • Project Admin