Hello,

I'm a new OpenSCAP user and I'm writing here because I have a question about DISA STIG compliance.

Before using OpenSCAP on my project, I need to validate what the coverage rate of the STIG OpenSCAP profile is against the DISA STIG XCCDF. I found a lot of data in the generated output, but I must admit it's a little bit difficult for me to understand how it is organized. Actually, I'm just looking for some kind of mapping in order to know if there is an OpenSCAP checker for each DISA rule specified in the XCCDF provided here: http://iase.disa.mil/stigs/Pages/a-z.aspx

If I understood correctly, DISA specified general security requirements (SRG-XXXXX-GPOS-XXXXX) and derived some specific SCAP rules with the format RHEL-07-XXXXXX. So for me, I just need to find out if there is an OpenSCAP checker in the RHEL7 profile for each DISA derived rule RHEL-07-XXXXXX.

I found the stig_overlay.xml file in the RHEL/7/input directory, but it seems the mapping is done against the RHEL6 rules. So I'm a little confused.

That's why I'm looking to see if there is some official information about a coverage rate against the DISA rules, or if there is a way to generate it using input provided from the openscap input.

Thanks for your answers.

Regards,
Olivier Bonhomme
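
The coverage check asked about above, as an added example that is not part of the original message or of the scap-security-guide project: it compares the RHEL-07-XXXXXX identifiers in a DISA XCCDF against the entries of an overlay file. The XML layout (a `version` element under each `Rule`, `overlay` elements with `ruleid` and `ownerid` attributes), the rule names and all identifiers in the samples are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

STIG_ID = re.compile(r"RHEL-07-\d{6}")

# Constructed samples. The layout (Rule/version in the DISA XCCDF, overlay
# elements with ruleid/ownerid attributes) is an assumption, as are all IDs.
DISA_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
  <Group><Rule id="r1"><version>RHEL-07-000001</version></Rule></Group>
  <Group><Rule id="r2"><version>RHEL-07-000002</version></Rule></Group>
  <Group><Rule id="r3"><version>RHEL-07-000003</version></Rule></Group>
</Benchmark>"""
OVERLAY = """<overlays xmlns="http://checklists.nist.gov/xccdf/1.1">
  <overlay owner="disastig" ruleid="sample_rule_a" ownerid="RHEL-07-000001"/>
  <overlay owner="disastig" ruleid="sample_rule_b" ownerid="RHEL-06-000002"/>
  <overlay owner="disastig" ruleid="" ownerid="RHEL-07-000003"/>
</overlays>"""

def local(tag):
    """Strip the XML namespace so either XCCDF version parses."""
    return tag.rsplit("}", 1)[-1]

def disa_ids(xml_text):
    """Collect the RHEL-07-XXXXXX identifiers from the DISA benchmark."""
    ids = set()
    for rule in ET.fromstring(xml_text).iter():
        if local(rule.tag) == "Rule":
            for child in rule:
                text = (child.text or "").strip()
                if local(child.tag) == "version" and STIG_ID.fullmatch(text):
                    ids.add(text)
    return ids

def overlay_map(xml_text):
    """Map DISA identifier -> guide rule, skipping entries with no rule."""
    return {el.get("ownerid"): el.get("ruleid")
            for el in ET.fromstring(xml_text).iter()
            if local(el.tag) == "overlay" and el.get("ruleid")}

def coverage(disa_xml, overlay_xml):
    """Return (covered mapping, sorted missing IDs, coverage rate)."""
    wanted, mapped = disa_ids(disa_xml), overlay_map(overlay_xml)
    covered = {i: mapped[i] for i in sorted(wanted) if i in mapped}
    missing = sorted(wanted - set(covered))
    return covered, missing, (len(covered) / len(wanted) if wanted else 0.0)

if __name__ == "__main__":
    covered, missing, rate = coverage(DISA_XCCDF, OVERLAY)
    print(f"{len(covered)} covered, {len(missing)} missing, {rate:.0%}")
    print("missing:", ", ".join(missing))
```

An overlay entry keyed on a RHEL-06 identifier does not count toward RHEL-07 coverage, which is the situation described in the message. A mapped entry only shows that a rule name is recorded for the DISA identifier; whether that rule is selected in the profile and carries a check has to be verified separately.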
