Hello, Both the DISA SRGs and STIGIDs are added to the applicable RHEL/7 content. You can verify this by either `grep -rni 'stigid\|srg' RHEL/7/input/xccdf`, or `grep 'SRG\|RHEL-07' ssg-rhel7-xccdf.xml` Also, when a report is generated with the oscap --report option, the SRG and STIGID identifiers can be viewed in the report.
Gabe On Tue, Oct 4, 2016 at 8:08 AM, Olivier BONHOMME <[email protected]> wrote: > Hello, > > I'm a new OpenSCAP user and I write here because I have question about the > DISA > STIG compliancy. > > Before using OpenSCAP on my project, I need to validate what is the > coverage > rate of the STIG OpenSCAP profile against the DISA STIG XCCDF. > > I found lot of data in the generated output but I must admit it's a little > bit > difficult for me to understand how it is organized. > > Actually, I'm just looking for some kind of mapping in order to know if > there is > an OpenScap checker for each DISA rule specified in that XCCDF provided > here: http://iase.disa.mil/stigs/Pages/a-z.aspx > > If I understood correctly, the DISA specifed general security requirements > (SRG-XXXXX-GPOS-XXXXX) and derivated some specfic SCAP rules with the > format > RHEL-07-XXXXXX. > > So for me, I just need to find if there is an openscap checker in the RHEL7 > profile for each DISA derivated rule RHEL-07-XXXXXX. > > I found the stig_overlay.xml file in the RHEL/7/input directory but it > seems the > mapping is done against the RHEL6 rules. > > So I'm a little confused. That's why i'm looking if there is some official > information about a coverage rate against the DISA rules or if there is a > way to > generate it using input provided from the openscap input. > > Thanks for your answers. > > Regards, > Olivier Bonhomme > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
