Focus on Linux
Center for Internet Security - Call for Participation May 07 2007 11:09PM
Dave Shackleford (dshackleford cisecurity org)

***Thanks to moderators for allowing this post***

Hi folks, I'd like to introduce myself. My name is Dave Shackleford, and I represent the Center for Internet Security. Some of you may know of us, and some of you may not.

CIS is a non-profit that coordinates teams of volunteers who collaborate to create benchmark guides for securing systems. Many of you may have used some of the CIS tools to score your systems against the benchmarks at one time or another, and thousands of people download the benchmarks and scoring tools every month. We are actively seeking IT and security professionals to participate in the benchmark development process. We are also looking for anyone experienced in Java and/or XML programming to assist with our newest scoring tool development (contact me off-list).

We have a lot of new benchmarks that are in the works, as well as updates to existing benchmarks. Time commitments are minimal, all you need to do is go and sign up on a mailing list (less than 30 seconds, promise) and provide some input to the group on the benchmark draft when it's released. We always have a team leader who puts together the initial draft, pulling from a variety of sources; this is then sent to the mailing list for review and comment. After a consensus is reached, we publish it. We also list participants' names on our "Honor Roll" page at http://www.cisecurity.org/honor_roll.html.
 
Our benchmarks are gaining a lot of attention right now. We are mentioned specifically in the PCI DSS (section 2.2), we are working with NIST to develop tools and content, and a lot more. Below are examples of projects that are getting ready to start, and there are more on the way! If you would like to participate, please visit the site and sign up. We won't send you any unsolicited email, just the list postings for benchmark development. Also, please feel free to sign up for anything not mentioned below, we will be working on all of the benchmarks over the course of the next year or so. There are also lots of opportunities to earn CPE credits for participation.

If you have any questions, please reply to me off-list (dshackleford at cisecurity dot org). Thanks for your help! -Dave

1. MySQL Benchmark  
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/mysql-benchmark (used going forward)
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/database-benchmark

Note: Some of the work previously done on the first draft of this document has been done on the "Database-benchmark" list. Joining that list and checking some of the archives will likely be beneficial.

2. Solaris 10 Update 3 Benchmark
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/solaris-benchmark (used going forward)
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/unix-benchmark

Note: Some of the work previously done on the first draft of this document has been done on the "Unix-benchmark" list.  Joining that list and checking some of the archives will likely be beneficial.

3. OpenLDAP and FreeRADIUS Benchmarks
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/access-controls

4. Virtualization Benchmark
MAILING LIST: http://lists.cisecurity.org/mailman/listinfo/vm-security-benchmark

Note: This list will benefit from varied backgrounds and skill sets.

5. Other Updates

A. HP-UX:
MAILING LIST:  http://lists.cisecurity.org/mailman/listinfo/unix-benchmark
MAILING LIST:  http://lists.cisecurity.org/mailman/listinfo/hp-ux-benchmark (used going forward)

B. Oracle:
MAILING LIST:  http://lists.cisecurity.org/mailman/listinfo/oracle-benchmark (used going forward)
MAILING LIST:  http://lists.cisecurity.org/mailman/listinfo/database-benchmark

C.  Apache
MAILING LIST:  http://lists.cisecurity.org/mailman/listinfo/apache-benchmark

D.  Red Hat Enterprise:
MAILING LIST:  http://lists.cisecurity.org/mailman/listinfo/unix-benchmark
MAILING LIST:  http://lists.cisecurity.org/mailman/listinfo/redhat-benchmark (used going forward)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus