├── .gitignore
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
 1 | *.csv
 2 | !test.csv
 3 | __pycache__
 4 | 
 5 | # Packer
 6 | *.pem
 7 | 
 8 | # Ansible
 9 | ansible/roles/
10 | *.retry
11 | secrets.yml
12 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # GSA Security Benchmarks [![CircleCI](https://circleci.com/gh/GSA/security-benchmarks.svg?style=svg)](https://circleci.com/gh/GSA/security-benchmarks)
 2 | 
 3 | Welcome to the General Services Administration Security Benchmarks repository. As automated implementation and verification content is developed and updated, it will be posted here. This content is provided as a tool to facilitate implementation and verification of security settings required by the GSA Security Benchmarks.
 4 | 
 5 | ## What are GSA Security Benchmarks?
 6 | 
 7 | The GSA publishes security guides for various operating systems and applications commonly used at the agency. For more information, please refer to the published guides on [insite.gsa.gov](https://insite.gsa.gov/portal/content/627210) (*only accessible with GSA account*).
 8 | 
 9 | ## Available Content
10 | 
11 | ### Security Benchmark Documentation
12 | 
13 | Dependency: GSA account
14 | 
15 | * [Hardening Guides](https://insite.gsa.gov/portal/content/627210) - Documents outlining the general use and standards for security benchmarks.
16 | * [Security Benchmark Worksheets](https://drive.google.com/drive/folders/0BwLUd26GHbxibTFROVdoSk1RNUE) - Individual worksheets itemizing the security benchmark settings.
17 | 
18 |     
19 | ### Automated Implementation
20 | 
21 | #### Ansible Playbooks
22 | 
23 | Dependency: [Ansible](https://docs.ansible.com/ansible/latest/intro_installation.html)
24 | 
25 | * [RHEL 6](https://github.com/GSA/ansible-os-rhel-6)
26 | * [RHEL 7](https://github.com/GSA/ansible-os-rhel-7)
27 | * [Ubuntu 16](https://github.com/GSA/ansible-os-ubuntu-16)
28 | * [Windows Server 2016](https://github.com/GSA/ansible-os-win-2016)
29 | 
30 | #### GPOs
31 | 
32 | * [Windows Server 2012 R2](https://github.com/GSA/ISE-Security-Benchmark-GPOs)
33 | 
34 | 
35 | 
36 | ### Automated Verification
37 | 
38 | Dependency: GSA account
39 | 
40 | * [Tenable/Nessus Audit Files](https://drive.google.com/drive/folders/0BwLUd26GHbxiT1hMVUtRTGNKZjg) - Custom audit content for use with Tenable Security Center or Nessus Vulnerability Scanner
41 | * [BigFix Compliance Checklists](https://bigfixcompliance.gsa.gov:52315/scm) - Custom audit content for use with hosts that are registered with the BigFix platform.
42 | 
43 | For questions or comments, contact OCISO ISE: [ise-guides@gsa.gov](mailto:ise-guides@gsa.gov).
44 | 
45 | <!-- reference-style links, to de-duplicate URLs and keep the table above readable -->
46 | 
47 | [ClamAV]: https://www.clamav.net/
48 | [Cylance]:https://www.cylance.com/en_us/products/our-products/protect.html
49 | [FireEyeHx]:https://www.fireeye.com/blog/products-and-services/2017/09/bringing-advanced-protection-to-endpoints.html
50 | [GAuth]: https://github.com/GSA/d2d/blob/master/docs/linux_mfa_setup.md
51 | [Nessus Linux]: https://drive.google.com/open?id=0B726fftFCN-oemFRazdnM3FITE0
52 | [Nessus Win]: https://drive.google.com/open?id=0B726fftFCN-oQUtGWWE3SENBYjg
53 | [OSSEC]: https://github.helix.gsa.gov/GSASecOps/ansible-ossec-agent
54 | [RHEL 6]: https://github.com/GSA/ansible-os-rhel-6
55 | [RHEL 7]: https://github.com/GSA/ansible-os-rhel-7
56 | [Rohos]: https://github.com/GSA/d2d/blob/master/docs/windows_mfa_setup.md
57 | [Snare]: https://www.intersectalliance.com/our-product/snare-agent/
58 | [Ubuntu 14]: https://github.com/GSA/ansible-os-ubuntu-14
59 | [Ubuntu 16]: https://github.com/GSA/ansible-os-ubuntu-16
60 | [GPOs]: https://github.com/GSA/ISE-Security-Benchmark-GPOs
61 | 


--------------------------------------------------------------------------------