2015 06-12 DevOpsDC 2015 - Consumer to Collaborator

Re-imagining the government's role in open source

Published in: Software

  1. Consumer to Collaborator: Re-Imagining the Government’s Role in Open Source
  2. EXPLAIN YOUR FISMA PROCESS
  3. OR, EMBED INTO KICKSTART: $ oscap xccdf eval --remediate --profile stig-rhel6-server-upstream --report /root/scan-report.html /usr/share/xml/scap/content.xml
  4. Miracle at Willow Run
  5. FIRST USE OF CONTAINERS?
  6. Mode 1 Mode 2
  7. Mode 1 Mode 2 TRADITIONAL
  8. Mode 1 Mode 2 TRADITIONAL EXPLORATORY
  9. YOU ARE NOT AN IT CRAFTSMAN. YOU ARE A BI-MODAL IT MANUFACTURER
  10. CATEGORIZE (FIPS 199 / SP 800-60)
  11. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200 / SP 800-53)
  12. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200 / SP 800-53) IMPLEMENT CONTROLS (SP 800-70)
  13. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200 / SP 800-53) IMPLEMENT CONTROLS (SP 800-70) ASSESS CONTROLS (SP 800-53A)
  14. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200 / SP 800-53) IMPLEMENT CONTROLS (SP 800-70) ASSESS CONTROLS (SP 800-53A) AUTHORIZE (SP 800-37)
  15. CATEGORIZE (FIPS 199 / SP 800-60) SELECT CONTROLS (FIPS 200 / SP 800-53) IMPLEMENT CONTROLS (SP 800-70) ASSESS CONTROLS (SP 800-53A) MONITOR (SP 800-37 / SP 800-53A) AUTHORIZE (SP 800-37)
  16. Everyone knows that SCAP is a suite of XML standards for creating automated checklists for configuration and vulnerability scans!
  17. Features Risk? Risk? Risk? Units of ___________ Growth
  18. Community-created portfolio of tools and content to make attestations about known vulnerabilities: https://github.com/OpenSCAP
  19. $ govready scan
  20. HOW TO ENGAGE
        • OpenSCAP GitHub: https://github.com/OpenSCAP
        • OpenSCAP References & Docs: https://github.com/OpenSCAP/scap-security-guide/wiki/Collateral-and-References
        • SCAP Content Mailing List: https://fedorahosted.org/mailman/listinfo/scap-security-guide
        • GovReady user-friendly front-end: https://github.com/GovReady/govready
        • Ansible-SCAP (+ Vagrant) demo. See how it all works - painlessly: https://github.com/openprivacy/ansible-scap
        • NIST SCAP Website: https://scap.nist.gov
  21. CONTACT INFO
        • Shawn Wells, shawn@redhat.com, 443-534-0130
        • Greg Elin, gregelin@gitmachines.com, 917-304-3488
        • Fen Labalme, fen@civicactions.com, 412-996-4113
