On 13/04/18 14:19, Donald, Jason E wrote:
Greetings
Thank you for the update on importing the STIG results into STIGviewer from a
RHEL7 scan.
I noticed that only some of the checks are imported over and it leaves at least
149 not reviewed. The result reference ID's were not found in the Checklist
STIG. Is there action to mitigate this?
Hello,
May I ask what version of STIG content you have loaded in STIGViewer,
and what version of SSG you used for scan?
Did you get errors about unknown ID's?
For optimal matching of ID's, the version of STIG content loaded and
version of STIG Profile in SSG need to match.
Current STIG Profile in SSG is aligned to v1r1, in latest upstream there
have been patches to aligned with v1r4.
Also, another reason that can add to the number of Rules "not reviewed"
is that not all Rules have checks….
This capability is so needed.
Thank you
--
Watson Sato
Security Technologies | Red Hat, Inc
_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
