Debian SCAP Guide

This page is a TODO/IDEAS list to implement a SCAP guide for Debian. Debian automatically generates and publishes OVAL information for use by SCAP.

TODO

Define the Profiles we want.
What are Debian CPEs (platform, family?). Many CPEs can be found in the testing security SVN repostory, svn+ssh://svn.debian.org/svn/secure-testing, in the data/CPE/ directory. In addition, some source packages include the known CPEs for the package in debian/upstream/metadata).
Define distribution we target (typically: testing then stable)
How to let our derivative fork easily?
How to cooperate with scap-security-guide
- support various guides/test suites for Debian (and others ?)
- support generated remediation files (ansible, anaconda, puppet, bash) for Debian (and others ?)
Test infrastructure?
- defining preseeds for hardened config ? (like RHEL kickstart in upstream SCAP security guide) to check security profiles (cf. RHEL/6/tests/kickstart dir in SSG upstream)
Dashboard)
- Compare: our supported checks, upstream checks, and a wishlist.
- Each SCAP probe should be tested, both in unstable and testing
- Each Debian distribution should be evaluated, for each relevant profile.
Write docs
Define communication channels so contributors can follow and participate (IRC, mailing list, etc.)

Later...