Thursday, August 14, 2014

SCAP Security Guide Source Migration

The SCAP Security Guide (SSG) Project has been hosted on FedoraHosted. The scap-security-guide project (SSG) delivers security guidance, baselines, and associated validation mechanisms utilizing the Security Content Automation Protocol (SCAP).

The project provides practical security hardening advice for Red Hat products, and also links it to compliance requirements in order to ease deployment activities, such as certification and accreditation. These include requirements in the U.S. government (Federal, Defense, and Intelligence Community) as well as those of the financial services and health care industries. For example, high-level and widely accepted policies such as NIST 800-53 provide prose stating that System Administrators must audit "privileged user actions," but do not define what "privileged actions" are. The SSG bridges the gap between generalized policy requirements and specific implementation guidance, in SCAP formats to support automation whenever possible.

The source tree is now hosted on GitHub. You will find JBoss EAP 5 and Fuse 6 SCAP content in the repository.

As part of this process we'll be starting up Pull Requests, which means we need volunteers who are willing to review patch submissions and approve their merge in the GitHub repo.

Here's how to help:
---On the project's GitHub page you'll be able to set your 'Watch' preferences:
* Emailed when ANYTHING happens on the site - tickets, patches, etc.
* Emailed when someone asks or mentions the project (e.g., someone submits a pull request and says "@OpenSCAP/scap-security-guide can I get a review plz?")
* EMailed never, ever
If you set your watch permissions to "Watching" you'll receive notes when people issue pull requests. This would be the notification to log in and review the patch.
---Join the SSG Content Authors team. This gives you commit rights on the new repo.