The DISA STIG content is based on the SCAP Security Guide (SSG) content. DISA's STIG-creation processes and additional requirements have caused some divergence in content between the STIG and the SSG. Getting the actual content (as opposed to the way the content is formatted) in synch is an ongoing effort. The difference in the XCCDF between the STIG and the SSG is an artifact of the way SCAP has been implemented at DISA.
I hope this answers some of your questions.
Thanks,
Leland

--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, Inc
717-267-5797 (DSN 570)
leland.j.steinke.ctr@mail.mil (gov't)
lsteinke@tapestrytech.com (com'l)

-----Original Message-----
From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of joescap@mm.st
Sent: Tuesday, December 10, 2013 7:42 PM
To: scap-security-guide@lists.fedorahosted.org
Subject: Understanding Content
We are considering using one of the RH6 profiles from the SCAP content on this site as a benchmark for our systems. I've looked over the site and still have a few questions.
Are the content and profiles here based off the "Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2"? Or is this a completely unrelated effort?

The "Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2" has 9 profiles ranging from MAC 1 to MAC 3, but they all have the same checks enabled, so not much help to me.

How are the Profiles found in the SCAP content on this site determined? They seem to be good realistic profiles, but I'm just curious how the Profile configuration was determined.

I am just trying to understand the relationship between the DISA Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2 and the content found on the https://fedorahosted.org/scap-security-guide/ site.