On 3/11/14, 6:15 PM, Kordell, Luke T wrote:
Hello,
I noticed that the majority of the rule definitions now have NIST 800-53 identifiers or an empty set of quotes where an identifier will be added. Is there a way to get the already-added identifiers to show-up on the .html scan results? At the moment all I can see is the CCE number.
Thanks,
Luke K
(cross posting to open-scap-list since this is of interest to both communities, and the OpenSCAP guys are in the position to affect change)
This comes up frequently. From a content perspective the NIST 800-53 (+STIG) identifiers are handled in the <ref> tags. It's a matter of having the tool (e.g. OpenSCAP) place them into the results file. I recall a thread about this, however couldn't easily find it.
So, for the OpenSCAP guys: within SSG we utilize the <ref> tag to map additional policy regimes to XCCDF rules. Is there a way to get this information exposed within result files?