Hello, Currently for references (STIGID, NIST, CUI, etc.) in our yaml content, we use a form of shortening the reference for STIGID and CCI e.g.
For CCI, we do something like the following: ``` disa: 2165,2696 ``` For STIGID, we do something like the following: ``` stigid: "020210" ``` This is was nice in the day that we only had just RHEL content, but now, we have Oracle, SuSE, Ubuntu, and the framework for macOS. Also, it would be nice to keep the build system agnostic of different reference identifiers formats for different platforms. Many users just copy/paste the references or use script changes in some way. Other repos use the full notation. As the STIGID and CCI are the only 2 references we short form, I am thinking that we should remove this short form notation and replace with the full notation to make it easier to script and copy/paste changes in addition to making it an easier experience for users coming from different repositories. What do you think? Keep the same form? Use the full notation? Thanks for your time, Gabe
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
