Chapter 5 – Linux Security Standards with Real-Life Examples
- Sadly, at this time, the USA does not have any federal privacy legislation. Hopefully, that will change in the near future!
- No, the critical controls are not meant as an audit framework. However, you can certainly be assessed against them.
For instance, in critical control 1, there is a recommendation to deploy 802.1x authentication for network access. This implies that your workstations and/or user accounts "authenticate" to the network and that the authentication process dictates what that station and userid combination has access to. While this isn't an audit item (it doesn't discuss specific settings or even specific services or accesses), whether you have implemented 802.1x in your infrastructure or not can be assessed in a larger security program or set of projects.
- The first answer to this is that the first check might not be accurate, and a parallax view can be helpful in determining...
