#ansible-lockdown: Ansible Lockdown Working Group

Meeting started by cyberpear at 16:06:53 UTC.

Meeting summary

    1. STIG base requirement comes from NIST SP-800-53 via DISA Generic OS SRG (cyberpear, 16:08:37)
    2. SP-800-53 compliance is sometimes referred to as RMF or Risk Management Framework and comes from the FISMA law (cyberpear, 16:11:17)
    3. NIST SP-800-171 is approximately a subset of SP-800-53 that is required for DFARS compliance (cyberpear, 16:13:15)
    4. SP-800-171 compliance is required for processing CUI (Controlled Unclassified Information) data (cyberpear, 16:14:20)
    5. DISA publishes a CCI number with each SRG? and STIG rule, and provides a document mapping the CCI to the relevant SP-800-53 section (cyberpear, 16:15:30)
    6. IDEA: add CCI numbers to each STIG rule (cyberpear, 16:15:48)
    7. IDEA: add a variable to STIG roles to enforce only the SP 800-171 subset (cyberpear, 16:17:02)
    8. SP 800-171 references SP 800-53 (cyberpear, 16:17:44)
    9. HELP: Does someone have a mapping of SP 800-171 to SP 800-53 requirements? (cyberpear, 16:18:07)
    10. IDEA: SSG (ComplianceAsCode/content) might have something to map 800-53 to 800-171 (cyberpear, 16:18:43)
    11. #help Does someone have a mapping of SP 800-171 to SP 800-53 requirements? (cyberpear, 16:20:43)


Meeting ended at 16:29:47 UTC.

Action items

  1. (none)


People present (lines said)

  1. cyberpear (17)
  2. zodbot (5)


Generated by MeetBot 0.1.4.