Thanks for the comments guys. It helps me understand where things are and where they might be going.

For me, I would write a (initial) user story much along the lines of:

"I would like to be able to parse oscap results into a MySQL database so that I can compare specific aspects of these results to others from the same server or from other servers."

I word it like this because I (personally) am not looking for a larger application framework (user interface, authentication, etc) that has to come along with the central database. I also like the idea of not being tied to one database engine and/or using a standardized API, but an API sounds like a few stories down the road.

Anyway, I'm grateful for the thoughts. I was initially just checking to make sure that before I start working on converting the XML to SQL (probably with xslt and Python) that someone else hasn't already done that. I hate it when I build something only to find out later that someone in the community has already built it (and probably way better).