On 5/9/16 8:07 PM, [email protected] wrote:
Fellow Open-Scappers:
I just got my Open-SCAP tool to work on CentOS 7 and works great. In
looking at the output, I noticed
that a significant number of CCEs do not have a numeric value to them,
but appear to be left open.
Who gets to enter CCEs to the NIST CCE dictionary?
Red Hat requests a block of CCEs from NIST, and dumps them into the
"cce-rhel-avail.txt" file:
https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/references/cce-rhel-avail.txt
Anyone in the community can take a CCE out of the available list and
assign to an XCCDF rule. We do ask that someone from Red Hat merges the
patch, as once assigned it does become a binding identifier that Red Hat
corporately attests to.
Noticed we're running low on CCEs. Just pinged NIST for more.
_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
