This needs to be a Rule since it would be part of a STIG profile (even though its check may be entirely manual for now (eventually OCIL).
On 08/07/2012 09:54 AM, Willy Santos wrote:
Mapped antivirus group to CCI-1668 and removed mapping from impractical_product. Related ticket #84.
Signed-off-by: Willy Santos wsantos@redhat.com
RHEL6/input/auxiliary/srg_support.xml | 2 +- RHEL6/input/system/software/integrity.xml | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/RHEL6/input/auxiliary/srg_support.xml b/RHEL6/input/auxiliary/srg_support.xml index 30da624..d04e823 100644 --- a/RHEL6/input/auxiliary/srg_support.xml +++ b/RHEL6/input/auxiliary/srg_support.xml @@ -30,7 +30,7 @@ The requirement is impractical or out of scope. The product does not meet this requirement. The requirement is impractical or out of scope.
</description> -<ref disa="28,29,30,32,24,1695,1169,1170,1239,1662,1668,1395,553" /> +<ref disa="28,29,30,32,24,1695,1169,1170,1239,1662,1395,553" /> </Group> <!-- end unmet_impractical_product -->
<Group id="requirement_unclear"> diff --git a/RHEL6/input/system/software/integrity.xml b/RHEL6/input/system/software/integrity.xml index a5ec1bc..702bb0f 100644 --- a/RHEL6/input/system/software/integrity.xml +++ b/RHEL6/input/system/software/integrity.xml @@ -178,4 +178,18 @@ on the system.</rationale>
</Group>
+<Group id="antivirus"> +<title>Virus Scanning</title> +<description>Virus scanning software should be used to protect a system from penetration from +computer viruses and to limit their spread through intermediate systems. The virus scanning +software should be configured to perform scans dynamically on accessed files. If this capability +is not available, the system should be configured to scan, at a minimum, all altered files on +the system on a daily basis. +<br /><br /> +Virus signature definition files should be updated frequently. It is recommended that definition +files be updated at least every 7 days. +</description> +<ref disa="1668"/> +</Group>
</Group>