On 6/30/2010 4:39 PM, m.r...@5-cent.us wrote:
>> companies/business units/administrators police themselves so you need
>> metrics for someone else to test with.  And even internally you need to
>> document why the failure of any standard check should be overlooked.
>
> No, the security people should have defined requirements specifically for
> our environment, rather than using something that's designed, say, for a
> std. corporate IT dept.

I like the sentiment, but the people making the situation-specific rules
would need to know more than the people actually doing the work, which
doesn't seem likely to happen.  And there's some value in making
everyone follow the same rules.

-- 
   Les Mikesell
    lesmikes...@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
