Hello, N B:
… I can't find any identifiers in common between the DISA STIG and the SSG profile. DISA has indicated that STIG IDs (e.g. RHEL-08-010050) are the way to go moving forward, and only provides these ids in their draft STIG. SSG on the other hand, provides CCEs (presumably ones that it generates from a pool allocated by NIST), vul group ids, and sub-vul rule ids, but does not appear to provide the STIG IDs (I've looked in the table-rhel8-nistrefs-stig.html file of the 0.1.50 release and in the scan report from scanning my system). I would appreciate guidance on how to correlate these two sources and ideally where STIG IDs can be found in SSG STIG content since these seem to be DISA's preferred identifier going forward.
What content are you consulting?
I grabbed content from https://github.com/ComplianceAsCode/content (née SCAP Security Guide) and built the RHEL8 content.
I grabbed the RHEL8 draft STIG from https://public.cyber.mil/stigs/downloads/. The included XCCDF has, as an example, RHEL-08-010830 as an identifier and the related XCCDF Rule definition cites <ident system="http://iase.disa.mil/cci">CCI-000366</ident>. This could perhaps serve as a cross-reference.
The (as-built) ComplianceAsCode content for RHEL8 includes an XCCDF Rule titled «Verify Only Root Has UID 0» and cites <reference href="https://public.cyber.mil/stigs/cci/">CCI-000366</reference>. Is that what you were hoping for? If so, the two documents can be correlated.
As an FYI, there are 415 Rules with such a <reference href="https://public.cyber.mil/stigs/cci/"> citation in the ComplianceAsCode RHEL8 XCCDF, and 232 Rules with a <ident system="http://iase.disa.mil/cci"> citation in the STIG XCCDF. Go figure.
Regards,
Gary
PS: a direct email response attempt resulted in… <frostyn...@fedoraproject.org>: 209.132.183.28 does not like recipient. Remote host said: 550 5.1.1 <frostyn...@fedoraproject.org>: Recipient address rejected: User unknown in local recipient table Giving up on 209.132.183.28.
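
Added example (not part of the original email or of either project's tooling): correlating the two XCCDF files on the CCI citations quoted above, returning sets because one CCI can be cited by several Rules on each side. The embedded XML is constructed sample data, RHEL-08-000000 and CCI-999999 are placeholders, and reading the STIG ID from the Rule's <version> element is an assumption about the DISA file layout.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

STIG_CCI_SYSTEM = "http://iase.disa.mil/cci"          # ident system quoted from the STIG
SSG_CCI_HREF = "https://public.cyber.mil/stigs/cci/"  # reference href quoted from SSG

# Constructed sample documents; rule ids and the second STIG ID are placeholders.
STIG_SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
 <Group id="V-000001"><Rule id="SV-000001r1_rule"><version>RHEL-08-010830</version>
  <ident system="http://iase.disa.mil/cci">CCI-000366</ident></Rule></Group>
 <Group id="V-000002"><Rule id="SV-000002r1_rule"><version>RHEL-08-000000</version>
  <ident system="http://iase.disa.mil/cci">CCI-000366</ident></Rule></Group>
</Benchmark>"""
SSG_SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
 <Rule id="constructed_rule_1"><title>Verify Only Root Has UID 0</title>
  <reference href="https://public.cyber.mil/stigs/cci/">CCI-000366</reference></Rule>
 <Rule id="constructed_rule_2"><title>Constructed SSG rule</title>
  <reference href="https://public.cyber.mil/stigs/cci/">CCI-999999</reference></Rule>
</Benchmark>"""

def local(tag):
    """Drop the XML namespace so XCCDF 1.1 and 1.2 documents are handled alike."""
    return tag.rsplit("}", 1)[-1]

def rules(xml_text):
    return [e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "Rule"]

def child_text(rule, name):
    return next((c.text.strip() for c in rule if local(c.tag) == name and c.text), "")

def ccis(rule, tag, attr, value):
    """CCI values cited by direct children <tag attr="value"> of a Rule."""
    return {c.text.strip() for c in rule
            if local(c.tag) == tag and c.get(attr) == value and c.text}

def correlate(stig_xml, ssg_xml):
    """Map each CCI cited in both files to the STIG IDs and SSG titles citing it."""
    index = defaultdict(lambda: {"stig": set(), "ssg": set()})
    for r in rules(stig_xml):
        for cci in ccis(r, "ident", "system", STIG_CCI_SYSTEM):
            index[cci]["stig"].add(child_text(r, "version"))  # assumed STIG ID location
    for r in rules(ssg_xml):
        for cci in ccis(r, "reference", "href", SSG_CCI_HREF):
            index[cci]["ssg"].add(child_text(r, "title"))
    return {k: v for k, v in index.items() if v["stig"] and v["ssg"]}

if __name__ == "__main__":
    for cci, hit in sorted(correlate(STIG_SAMPLE, SSG_SAMPLE).items()):
        print(cci, sorted(hit["stig"]), sorted(hit["ssg"]))
```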