On 5/9/16 8:07 PM, david.ol...@verizon.net wrote:

Fellow Open-Scappers:

I just got my Open-SCAP tool to work on CentOS 7 and works great. In looking at the output, I noticed that a significant number of CCEs do not have a numeric value to them, but appear to be left open.
Who gets to enter CCEs to the NIST CCE dictionary?

Red Hat requests a block of CCEs from NIST, and dumps them into the "cce-rhel-avail.txt" file:

Anyone in the community can take a CCE out of the available list and assign to an XCCDF rule. We do ask that someone from Red Hat merges the patch, as once assigned it does become a binding identifier that Red Hat corporately attests to.

Noticed we're running low on CCEs. Just pinged NIST for more.
Open-scap-list mailing list

Reply via email to