Consumer to Collaborator: Re-imaging the US Government's role in Open Source

Transcript

1. Consumer to Collaborator Re-Imagining the Government’s role in Open Source

2. EXPLAIN YOUR FISMA PROCESS

3. None

4. OR, EMBED INTO KICKSTART: $ oscap xccdf eval \ --remediate

   \ --profile stig-rhel6-server-upstream \ --report /root/scan-report.html \ /usr/share/xml/scap/content.xml
5. None
6. None
7. None
8. None
9. None

10. Miracle at Willow Run

11. None
12. None

13. FIRST USE OF CONTAINERS?

14. Mode 1 Mode 2

15. Mode 1 Mode 2 TRADITIONAL

16. Mode 1 Mode 2 TRADITIONAL EXPLORATORY

17. YOU ARE NOT AN IT CRAFTSMAN YOU ARE A BI-MODAL

    IT MANUFACTURER
18. None

19. CATEGORIZE (FIPS 199 / SP 800-60)

20. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200

    / SP 800-53)

21. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200

    / SP 800-53) IMPLEMENT CONTROLS (SP 800-70)

22. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200

    / SP 800-53) IMPLEMENT CONTROLS (SP 800-70) ACCESS CONTROLS (SP 800-53A)

23. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200

    / SP 800-53) IMPLEMENT CONTROLS (SP 800-70) ACCESS CONTROLS (SP 800-53A) AUTHORIZE (SP 800-37)

24. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200

    / SP 800-53) IMPLEMENT CONTROLS (SP 800-70) ACCESS CONTROLS (SP 800-53A) MONITOR (SP 800-37 / SP 800-53A) AUTHORIZE (SP 800-37)
25. None
26. None

27. Everyone knows that SCAP is a suite of XML standards

    for creating automated checklists for configuration and vulnerability scans!
28. None

29. Features Risk? Risk? Risk? Units of ___________ Growth

30. Community created portfolio of tools and content to make attestations

    about known vulnerabilities https://github.com/OpenSCAP
31. None
32. None
33. None
34. None
35. None
36. None

37. $ govready scan

38. None
39. None

40. HOW TO ENGAGE OpenSCAP GitHub: https://github.com/OpenSCAP OpenSCAP References & Docs:

    https://github.com/OpenSCAP/scap-security-guide/wiki/Collateral-and-References SCAP Content Mailing List: https://fedorahosted.org/mailman/listinfo/scap-security-guide GovReady user-friendly front-end: https://github.com/GovReady/govready Ansible-SCAP (+ Vagrant) demo. See how it all works - painlessly: https://github.com/openprivacy/ansible-scap NIST SCAP Website: https://scap.nist.gov

41. Shawn Wells [email protected] 443-534-0130 CONTACT INFO Greg Elin [email protected] 917-304-3488

    Fen Labalme [email protected] 412-996-4113