For SSH (and other configurations), we want to preserve the ability to not flag non-compliance if the default (unspecified) is compliant. It reduces costs, which makes for a more compelling (less uncompelling?) argument for C&A activities.
The wording of this is rough and definitely not final. After all the other checks and profile inclusion adjustments are complete, and when we get to copy editing, it will undoubtedly be improved. Jeffrey Blank (1): added new macro for SSH checks (rough wording for now), and used it RHEL6/input/services/ssh.xml | 15 +++++++++++++++ RHEL6/transforms/shorthand2xccdf.xslt | 21 ++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletions(-) _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
