What do you mean by "map" the XCCDFs of SSG and DISA? I've looked into the
the DISA Vunerability IDs referenceing the CCI/CCEs that it's for. I
haven't checked it against the SSG XCCDF though.
Yeah... I know the "generate fix" thing is muck. I'm actually having to
rebuild a system because the
It's the other way around. Most DOD Information Assurance departments use
the DISA IASE stuff that are based off of a Vulnerability ID (VID). The
VIDs are normally associated with a CCI or CCE; sometimes both or one or
the other. The VIDs are sometimes the results of the Information Assurance