The issue is less the automation (that's easy) and more that it isn't actually a codified standard.
I'll hop onto the STIG feedback space on SoftwareForge and see if they have a schema anywhere. The last time I asked, there wasn't one, but that was quite some time ago.

Trevor

On Thu, Nov 29, 2018 at 2:18 PM Albrecht, Thomas C <thomas.c.albre...@lmco.com> wrote:

> They can and have been automated. One of our engineers at LM has created a very bloated python script that goes through each of the items in the DISA STIG, and only leaves one unanswered (I think it’s the “ask the admin if he’s doing backups”)
>
> Tom A.
>
> *From:* Meinecke, Lee <lee.meine...@gtri.gatech.edu>
> *Sent:* Thursday, November 29, 2018 2:25 PM
> *To:* scap-security-guide@lists.fedorahosted.org
> *Subject:* EXTERNAL: Re: alternatives to STIG Viewer once Oracle JDK 8 / JavaFX 8 is EOL in January 2019?
>
> .ckl files are the manual checklists that are used to import the automated XCCDF content. For example on RHEL6 you import the XCCDF content from the scan and then you have 85 manual controls to review. You use the Java STIG viewer (JavaFX required) as the GUI to provide comments and choose from a drop down menu (open, not a finding, not applicable) for each manual control. The auditors typically request results from each host in .ckl format I believe because it shows you've done the manual review as opposed to providing an SCC or openscap HTML report which would only cover the automated checks.
>
> btw, those 85 manual RHEL6 controls could be automated. Most are run this command if it produces results it's a finding. A few require interpretation but most seem like they could be automated.
>
> Lee
>
> ------------------------------
>
> *From:* Shawn Wells <sh...@redhat.com>
> *Sent:* Thursday, November 29, 2018 1:14 PM
> *To:* scap-security-guide@lists.fedorahosted.org
> *Subject:* Re: alternatives to STIG Viewer once Oracle JDK 8 / JavaFX 8 is EOL in January 2019?
>
> On 11/28/18 12:51 PM, Trevor Vaughan wrote:
>
> > Heh, no offense taken. I just needed to turn the little lights green
> > with a .ckl file...and I did :-D
>
> What are the .ckl files imported into? How are they used?
>
> For example if OpenSCAP or Satellite could evaluate a system and output a properly formatted .ckl file... would that provide value? What happens with .ckl files?
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
> To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
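Added example, not part of the original thread or any poster's code: a sketch of the "run this command, if it produces results it's a finding" pattern described in the quoted message, mapping each check to the drop-down statuses named there. The rule ids, the commands and the extra "not reviewed" status for checks the script cannot decide are assumptions constructed for illustration.

```python
import subprocess
from dataclasses import dataclass
from typing import Optional

# Status labels as named in the thread's description of the STIG Viewer drop-down.
OPEN, NOT_A_FINDING, NOT_APPLICABLE = "open", "not a finding", "not applicable"
# Assumption: a fourth label for checks the script could not decide on its own.
NOT_REVIEWED = "not reviewed"

@dataclass
class ManualCheck:
    rule_id: str                      # constructed placeholder id, not a real STIG rule
    command: str                      # shell command; any stdout means a finding
    applies_if: Optional[str] = None  # optional command; non-zero exit means N/A

@dataclass
class Result:
    rule_id: str
    status: str
    details: str

def evaluate(check: ManualCheck, timeout: float = 10.0) -> Result:
    def run(cmd: str) -> subprocess.CompletedProcess:
        return subprocess.run(cmd, shell=True, capture_output=True,
                              text=True, timeout=timeout)
    try:
        if check.applies_if is not None and run(check.applies_if).returncode != 0:
            return Result(check.rule_id, NOT_APPLICABLE, "applicability test failed")
        proc = run(check.command)
    except subprocess.TimeoutExpired:
        return Result(check.rule_id, NOT_REVIEWED, "command timed out")
    # 126/127: the shell could not execute the command, so empty output proves nothing.
    if proc.returncode in (126, 127):
        return Result(check.rule_id, NOT_REVIEWED, proc.stderr.strip())
    out = proc.stdout.strip()
    return Result(check.rule_id, OPEN if out else NOT_A_FINDING, out)

# Constructed sample checks using harmless commands in place of real STIG check text.
SAMPLE_CHECKS = [
    ManualCheck("EXAMPLE-0001", "printf 'offending-line\\n'"),
    ManualCheck("EXAMPLE-0002", "true"),
    ManualCheck("EXAMPLE-0003", "printf 'x\\n'", applies_if="false"),
    ManualCheck("EXAMPLE-0004", "no-such-command-for-this-example"),
]

def evaluate_all(checks=SAMPLE_CHECKS):
    return [evaluate(c) for c in checks]

if __name__ == "__main__":
    for r in evaluate_all():
        print(f"{r.rule_id}\t{r.status}\t{r.details}")
```

A check whose command cannot run is reported as "not reviewed" rather than "not a finding", so a missing tool never turns a control green by producing no output.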