On Wednesday, April 20, 2016 11:49:32 AM Greg Elin wrote:
> We are trying to confirm the NIST certification for OpenSCAP. I know
> OpenSCAP 1.0.8 was certified for SCAP v1.2.
> 
> But is the current version of OpenSCAP, 1.2.x, also NIST-certified?

No. This version is only on RHEL6 and 7. We have been working with NIST for 
about 2 years to allow a certification on RHEL6 and 7. They recently released 
validation test content so it's our belief that the whole industry will be able 
to certify on RHEL6 and 7 real soon now.


> Is the certification inherited for new versions?

All versions of 1.0.x after and including 1.0.8 inherit the certifications.


> We are using the current version of OpenSCAP for scanning RHEL 7.x.
> 
> How does it all break down?  Thanks!

We are waiting for labs to be allowed to certify just like everyone else 
making SCAP tools. RHEL6 looks like it will get the green light soon, but 
RHEL7 may take longer since it may be tied up with the SCAP 1.3 specification 
which is under development. This isn't just an openscap issue, all vendors are 
in the same boat.

-Steve
