Hi, I will try to answer, but I don't use Nessus, so I'm not sure what is the exact reason of this fail.
In general, the SSG files are validated against SCAP XML schemas, so they are valid SCAP content. However, SCAP standard consist of multiple separate specifications. Strictly speaking, the SSG datastream doesn't conform to SCAP 1.2 specification, because the datastream contains OVAL checks conforming to OVAL version 5.11 which is a part of SCAP 1.3. For SCAP 1.2 conformance it would need to use OVAL checks in version 5.10 or older. According to this forum thread, it seems that Nessus doesn't support OVAL 5.11 it yet, but they say it's planned to be updated https://community.tenable.com/s/question/0D5f200005hKRwqCAG/nessus-pro-7-trouble-getting-oval-scans-to-work It could be a problem that Nessus expects datastreams that contain OVAL 5.10 only. Try using the SSG datastreams that contain OVAL 5.10 only. They can be downloaded from https://github.com/ComplianceAsCode/content/releases/download/v0.1.43/scap-security-guide-0.1.43-oval-510.zip I hope Nessus should be able to consume these files. The reason why we use 5.11 is that it contains new checks that allows us to check easily system services using systemd and other new things introduced in RHEL 7. The aforementioned datastreams that contain OVAL 5.10 only have limited abilities in comparison with those containing OVAL 5.11. Best Regards Jan Černý Security Technologies | Red Hat, Inc. On Sat, Apr 27, 2019 at 6:34 AM Riaz Ebrahim <mriazebrah...@gmail.com> wrote: > > I need help on openscap SSG project. > > I am currently exploring SCAP Auditing feature from Nessus console. I > understood that Nessus supports SCAP Content (1.0 or 1.1 or 1.2) which can be > downloaded from NIST repository (https://nvd.nist.gov/ncp/repository) based > on the target host version. This works great, However when i use SCAP from > OpenSCAP SSG (example "ssg-rhel6-ds.xml”), i am getting error as > “sg-rhel6-ds. .zip : sg-rhel6-ds.xml failed XML Schema validation” . > > I would like to what is the difference between openSSG scap data stream & > scap1.2 content downloaded from NIST repository. How i can convert openssg > data stream (Example - ssg-rhel6-ds.xml) to NIST scap 1.2 format. > > > My objective - To use openscap SSG from Nessus. Nessus scap scanning expects > SCAP 1.0, 1.1 or 1.2 content(in zip format). > > > Thanks in advance! > > _______________________________________________ > Open-scap-list mailing list > Openfirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/open-scap-list _______________________________________________ Open-scap-list mailing list Openemail@example.com https://www.redhat.com/mailman/listinfo/open-scap-list