For SSH (and other configurations), we want to preserve the ability to not flag non-compliance if the default (unspecified) is compliant. It reduces costs, which makes for a more compelling (less uncompelling?) argument for C&A activities.
The wording of this is rough and definitely not final. After all the other checks and profile inclusion
adjustments are complete, and when we get to copy editing, it will undoubtedly be improved.
Jeffrey Blank (1):
added new macro for SSH checks (rough wording for now), and used it
RHEL6/input/services/ssh.xml | 15 +++++++++++++++
RHEL6/transforms/shorthand2xccdf.xslt | 21 ++++++++++++++++++++-
2 files changed, 35 insertions(+), 1 deletions(-)