On 5/9/16 8:07 PM, david.ol...@verizon.net wrote:

Fellow Open-Scappers:

I just got my Open-SCAP tool to work on CentOS 7 and works great. In looking at the output, I noticed that a significant number of CCEs do not have a numeric value to them, but appear to be left open.
Who gets to enter CCEs to the NIST CCE dictionary?


Red Hat requests a block of CCEs from NIST, and dumps them into the "cce-rhel-avail.txt" file:
https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/references/cce-rhel-avail.txt

Anyone in the community can take a CCE out of the available list and assign to an XCCDF rule. We do ask that someone from Red Hat merges the patch, as once assigned it does become a binding identifier that Red Hat corporately attests to.

Noticed we're running low on CCEs. Just pinged NIST for more.
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to