I know that DISA periodically makes part of their site unavailable while they make changes to their regulations (checklists, STIGS, etc.) So, for the past couple of days I've been waiting for the new checklists to be posted so as to prepare for a new trip. Yesterday, a bunch of the checklists updated: MS SQL Server has been split into SQL Server 2000 and 2005. The Oracle checklists have been split up by Oracle version. I notice that three of the Windows checklists have been updated: Windows 2000, 2003, and 2008. Curiously, there is not a checklist posted for Windows XP or Vista. I supposed they are forth-coming.
However, I was highly surprised to see that the SRR scripts have been moved to a site that requires CAC authentication. And at this, I have to wonder why. In my opinion, the scripts do a great job of testing configurations against what the DoD expects items under their purview to be configured. Was that such a bad thing that everyone had access to the tools? It only makes the community safer. I'm hoping this is a temporary measure, and that all will return to normal as I would hate to see valuable tools be available only to a select few.