I agree with @gabe and others. Another option is to possibly give a 'system needs to remediate x controls to reach compliance'.
Rodney

> On Aug 28, 2014, at 3:09 PM, Gabe Alford <redhatri...@gmail.com> wrote:
>
> Agree about the "The system is not compliant!" text. A lot of our security
> people will freak out over it. Maybe either different types of non-compliance
> messages are based off of a %, or better non-compliance messages that are not
> so alarming.
>
> Gabe
>
>> On Thu, Aug 28, 2014 at 12:29 PM, Andrew Gilmore <agilmo...@gmail.com> wrote:
>> I like the new look and functionality.
>>
>> Two first blush comments:
>> 1) On the report document, I can imagine my security officials freaking out
>> over the in-your-face "The system is not compliant!" text. What is the
>> recommended course to ensure this text does not appear if you're running the
>> scan on a webserver, for example? Is it as simple as creating a custom
>> profile derived from the STIG profile? Does anyone directly use the STIG
>> profile, have a completely compliant system, and have a server that actually
>> does anything useful?
>> Up to now, I've left tests in that I have waivers for, and then pointed at
>> the waivers to justify the test failures. Perhaps I will need to change that
>> practice.
>>
>> 2) On the guide document, the text beginning "Providing system
>> administrators" occurs twice.
>>
>>> On Thu, Aug 28, 2014 at 11:49 AM, Martin Preisler <mprei...@redhat.com>
>>> wrote:
>>> Hi,
>>>
>>> as you may know I have been working on a complete rewrite of HTML report
>>> and guide for the upcoming openscap 1.1.0 release. It's a feature that will
>>> touch almost every user of openscap. I would like to gather feedback from
>>> the scap-security-guide community so that we can make sure there aren't any
>>> blocker issues in the release. It is natural that there will be small
>>> issues that we will iron out in minor releases. Basically we would just
>>> like to make sure the new report and guide aren't missing anything crucial
>>> that would prevent adoption.
>>>
>>> See https://mpreisle.fedorapeople.org/openscap/1.1.0_xslt/ for sample HTML
>>> report and guide from SSG for RHEL6.
>>>
>>> Looking forward to feedback.
>>>
>>> --
>>> Martin Preisler
>>> --
>>> SCAP Security Guide mailing list
>>> scap-security-guide@lists.fedorahosted.org
>>> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
>>> https://github.com/OpenSCAP/scap-security-guide/