[CentOS] security compliance vs. old software versions
Les Mikesell
lesmikesell at gmail.com
Wed Jun 30 22:03:41 UTC 2010
On 6/30/2010 4:39 PM, m.roth at 5-cent.us wrote:
>> companies/business units/administrators police themselves so you need
>> metrics for someone else to test with. And even internally you need to
>> document why the failure of any standard check should be overlooked.
>
> No, the security people should have defined requirements specifically for
> our environment, rather than using something that's designed, say, for a
> std. corporate IT dept.
I like the sentiment, but the people making the situation-specific rules
would need to know more than the people actually doing the work, which
doesn't seem likely to happen. And there's some value in making
everyone follow the same rules.
--
Les Mikesell
lesmikesell at gmail.com