***Thanks to moderators for allowing this post***
Hi folks, I'd like to introduce myself. My name is Dave Shackleford, and I
represent the Center for Internet Security. Some of you may know of us, and
some of you may not.
CIS is a non-profit that coordinates teams of volunteers who collaborate to
create benchmark guides for securing systems. Many of you may have used some of
the CIS tools to score your systems against the benchmarks at one time or
another, and thousands of people download the benchmarks and scoring tools
every month. We are actively seeking IT and security professionals to
participate in the benchmark development process. We are also looking for
anyone experienced in Java and/or XML programming to assist with our newest
scoring tool development (contact me off-list).
We have a lot of new benchmarks that are in the works, as well as updates to
existing benchmarks. Time commitments are minimal, all you need to do is go and
sign up on a mailing list (less than 30 seconds, promise) and provide some
input to the group on the benchmark draft when it's released. We always have a
team leader who puts together the initial draft, pulling from a variety of
sources; this is then sent to the mailing list for review and comment. After a
consensus is reached, we publish it. We also list participants' names on our
"Honor Roll" page at http://www.cisecurity.org/honor_roll.html.
Our benchmarks are gaining a lot of attention right now. We are mentioned
specifically in the PCI DSS (section 2.2), we are working with NIST to develop
tools and content, and a lot more. Below are examples of projects that are
getting ready to start, and there are more on the way! If you would like to
participate, please visit the site and sign up. We won't send you any
unsolicited email, just the list postings for benchmark development. Also,
please feel free to sign up for anything not mentioned below, we will be
working on all of the benchmarks over the course of the next year or so. There
are also lots of opportunities to earn CPE credits for participation.
If you have any questions, please reply to me off-list (dshackleford at
cisecurity dot org). Thanks for your help! -Dave
1. MySQL Benchmark
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/mysql-benchmark
(used going forward)
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/database-benchmark
Note: Some of the work previously done on the first draft of this document has
been done on the "Database-benchmark" list. Joining that list and checking some
of the archives will likely be beneficial.
2. Solaris 10 Update 3 Benchmark
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/solaris-benchmark
(used going forward)
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/unix-benchmark
Note: Some of the work previously done on the first draft of this document has
been done on the "Unix-benchmark" list. Joining that list and checking some of
the archives will likely be beneficial.
3. OpenLDAP and FreeRADIUS Benchmarks
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/access-controls
4. Virtualization Benchmark
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/vm-security-benchmark
Note: This list will benefit from varied backgrounds and skill sets.
5. Other Updates
A. HP-UX:
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/unix-benchmark
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/hp-ux-benchmark
(used going forward)
B. Oracle:
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/oracle-benchmark
(used going forward)
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/database-benchmark
C. Apache
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/apache-benchmark
D. Red Hat Enterprise:
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/unix-benchmark
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/redhat-benchmark
(used going forward)
