=================================================
#ansible-lockdown: Ansible Lockdown Working Group
=================================================

Meeting started by cyberpear at 16:06:53 UTC. The full logs are
available at
https://meetbot.fedoraproject.org/ansible-lockdown/2019-07-11/ansible_lockdown_working_group.2019-07-11-16.06.log.html
.

Meeting summary
---------------

* STIG base requirement comes from NIST SP-800-53 via DISA Generic OS SRG (cyberpear, 16:08:37)
* SP-800-53 compliance is sometimes referred to as RMF or Risk Management Framework and comes from the FISMA law (cyberpear, 16:11:17)
* NIST SP-800-171 is approximately a subset of SP-800-53 that is required for DFARS compliance (cyberpear, 16:13:15)
* SP-800-171 compliance is required for processing CUI (Controlled Unclassified Information) data (cyberpear, 16:14:20)
* DISA publishes a CCI number with each SRG? and STIG rule, and provides a document mapping the CCI to the relevant SP-800-53 section (cyberpear, 16:15:30)
* IDEA: add CCI numbers to each STIG rule (cyberpear, 16:15:48)
* IDEA: add a variable to STIG roles to enforce only the SP 800-171 subset (cyberpear, 16:17:02)
* SP 800-171 references SP 800-53 (cyberpear, 16:17:44)
* HELP: Does someone have a mapping of SP 800-171 to SP 800-53 requirements? (cyberpear, 16:18:07)
* IDEA: SSG (ComplianceAsCode/content) might have something to map 800-53 to 800-171 (cyberpear, 16:18:43)
* #help Does someone have a mapping of SP 800-171 to SP 800-53 requirements? (cyberpear, 16:20:43)

Meeting ended at 16:29:47 UTC.

Action Items
------------

Action Items, by person
-----------------------

* **UNASSIGNED**

  * (none)

People Present (lines said)
---------------------------

* cyberpear (17)
* zodbot (5)

Generated by `MeetBot`_ 0.1.4

.. _`MeetBot`: http://wiki.debian.org/MeetBot