Home page logo

pauldotcom logo PaulDotCom mailing list archives

Baseline Config Audit policy creation or modification
From: "Albert R. Campa" <abcampa () gmail com>
Date: Fri, 26 Jul 2013 08:28:03 -0500

Hello everyone. :)

I am doing some work on baseline/benchmark/compliance/config auditing, and
I would like to get some experience feedback on doing editing/modifcation
of these benchmarks.

As you know there are many standards CIS, DISA, PCI, etc, on many
platforms, MS, Linux, DB, Cisco, etc.

My questions is for anyone who does this are the following:

Do you use default policies from CIS, DISA, etc and run with that?
Do you use a CIS, DISA, etc as a start and then modify to org standards?
Or do you just create a baseline from scratch?

I created a blog post on this, showing my point of view using Nessus and

I also want to find out from you how useful would a gui be to edit/create
these audit policies? If you read the blog post you will see where I am
coming from, as well as Tenable/Rapid7 point of view. Hopefully we have
some Nexpose users on this list. ;)


Albert Campa
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]