On 11/12/13, 4:49 PM, Kordell, Luke T wrote:
Thank you for all the useful feedback! I am actually comparing the SCAP rules against SECSCNcontrols that have already been selected. My team may choose to utilize additional SCAP scans as we see fit, but my minimum requirements are somewhat straight-forward. I realize that many of the controls are open to interpretation but I think in some of these cases a series of SCAP rules can be called to check all aspects. For instance one of our user account configuration control requirements can be covered by calling two SCAP rules. I know this may not work in all cases, but to me it's worth putting in the time to connect all the dots. In some situations SCAP seems more precise than SECSCN which can make the two difficult to compare.
How'd the comparison go? Many parties would love to read your comments! _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
