I have sent a FOIA request to DISA for public release of the DISA FSO Gold Disk. It is my hope that this request will be rather painless, and that DISA will release all requested materials.
If/when DISA does release the requested materials, I will establish an open source project on either SourceForge or Google Code for continued development of the Gold Disk.
My letter is below. I should receive a response within 30 days.
Hello,I am writing to you to request public release of the following:DISA FSO Gold Disk binariesDISA FSO Gold Disk source codeDISA FSO Gold Disk developer documentationDISA FSO Gold Disk user/administrator manualsPer http://iase.disa.mil/stigs/index.html"The DISA FSO Windows Gold disk tool provides an automated mechanism for compliance reporting and remediation to the Windows STIGs. The FSO Windows Gold Disks are an unlicensed tool developed by the FSO, the use of this tool is completely at the user's own risk. Currently, the Gold Disk supports Windows XP, Windows Vista, Windows 2003, Windows 2008 R1. There are no plans to develop Gold Disks for future technologies or products, FSO will utilize the SCAP standards for compliance reporting for Windows 7."Since the tool is unlicensed and developed by FSO, that puts the tool in Public Domain. Furthermore, the DISA FSO Gold Disk is no longer supported for use within DoD, and development has ceased, meaning the tool is no longer in use within the DoD.This tool could be of great use to the private sector, and would help increase the security of our nation.I understand that the DISA Gold Disk does contain IAVM information which is still FOUO. As such, I am agreeable to this information being sanitized prior to public disclosure.Since this is a FOIA request for public interest, I would like to request that any fees be waived.I look forward to your response.Thanks,Ken BucklerCaffeine Security