This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

DISA Gold Disk FOIA Request Sent

UPDATE: My FOIA request was denied, and these tools will remain lost forever.  Details here.

I have sent a FOIA request to DISA for public release of the DISA FSO Gold Disk.  It is my hope that this request will be rather painless, and that DISA will release all requested materials.

If/when DISA does release the requested materials, I will establish an open source project on either SourceForge or Google Code for continued development of the Gold Disk.

My letter is below. I should receive a response within 30 days.

Hello,
I am writing to you to request public release of the following:
DISA FSO Gold Disk binaries
DISA FSO Gold Disk source code
DISA FSO Gold Disk developer documentation
DISA FSO Gold Disk user/administrator manuals

Per http://iase.disa.mil/stigs/index.html
"The DISA FSO Windows Gold disk tool provides an automated mechanism for compliance reporting and remediation to the Windows STIGs. The FSO Windows Gold Disks are an unlicensed tool developed by the FSO, the use of this tool is completely at the user's own risk. Currently, the Gold Disk supports Windows XP, Windows Vista, Windows 2003, Windows 2008 R1. There are no plans to develop Gold Disks for future technologies or products, FSO will utilize the SCAP standards for compliance reporting for Windows 7."

Since the tool is unlicensed and developed by FSO, that puts the tool in Public Domain. Furthermore, the DISA FSO Gold Disk is no longer supported for use within DoD, and development has ceased, meaning the tool is no longer in use within the DoD.

This tool could be of great use to the private sector, and would help increase the security of our nation.

I understand that the DISA Gold Disk does contain IAVM information which is still FOUO. As such, I am agreeable to this information being sanitized prior to public disclosure.

Since this is a FOIA request for public interest, I would like to request that any fees be waived.

I look forward to your response.

Thanks,
Ken Buckler
Caffeine Security

No comments:

Post a Comment