• Onno (VK6FLAB)@lemmy.radio
    link
    fedilink
    arrow-up
    4
    ·
    15 hours ago

    Yeah … voting around here is interesting from time to time.

    On a positive note, I hadn’t heard of the Linux Security Audit Project, looks interesting, thank you.

    I only briefly skimmed through the readme so I might have missed it, but I wonder how they’re able to claim compliance with specific standards.

    It was my understanding that it’s typically a drawn out expensive process with a certificate to hang on the wall after the fact.

    • fartsparkles@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      15 hours ago

      They make it clear it’s an assessment aid rather than a replacement for professional audits.

      Ultimately, you need to be accredited by a third party to whatever standard you’re targeting. Linux Security Audit Project just gives you some checks to help review your current posture and start tackling things ahead of the audit.