GSA / security-benchmarks

GSA Security Benchmarks and Tools

add table listing required/suggested agents #17

Closed afeld closed 6 years ago

afeld commented 6 years ago

https://trello.com/c/GtixGfwg/215-as-a-user-i-know-what-security-agents-need-need-to-be-installed-on-connected-to-server-instances

This list came up in a meeting with D2D today, so took a quick pass at it. It will likely grow, and we'll hopefully link to more GSA-specific instructions (where applicable), Ansible roles, example usage, etc. as we go. Want to give us a starting list to iterate on.

Easiest to understand the changes by clicking the paper icon at the top of Files changed to see the "rich diff".

Thanks!

afeld commented 6 years ago

Also, someone mentioned Microsoft EMET - are we still using that?

lambardo-richards commented 6 years ago

Microsoft will be deprecating EMET on/before July 31, 2018, and hence related settings have been omitted from the GSA hardening guides published by SecEng (ISE).

Kind regards,

R. Lambardo Richards (ISE-C), CISSP
Analyst, Security Engineering Division
Office of the Chief Information Security Officer
General Services Administration
M: 202/344.5599

On Wed, Dec 13, 2017 at 1:30 PM, Aidan Feldman notifications@github.com wrote:

Also, someone mentioned Microsoft EMET https://support.microsoft.com/en-us/help/2458544/the-enhanced-mitigation-experience-toolkit - are we still using that?


jeremy-gillikin commented 6 years ago

@afeld I like to mature this first before we merge.

afeld commented 6 years ago

@jeremy-gillikin Sure. What would that look like? Is it checking things on your side, or want to set up a little time for the two of us to work through it together, or...?

afeld commented 6 years ago

A few tools I left out: BigFix and ForeScout, since the Continuous Diagnostics and Monitoring (CDM) requirements don't apply to cloud yet.

afeld commented 6 years ago

Also, happy to add a big caveat of “THIS LIST IS A WORK-IN-PROGRESS” if that would help. More about giving ourselves and our users a sense of all that’s required for base images than trying to lay out formal requirements.