The DISA STIG content is based on the SCAP Security Guide (SSG) content. DISA's
STIG-creation processes and additional requirements have caused some divergence in content
between the STIG and the SSG. Getting the actual content (as opposed to the way the
content is formatted) in synch is an ongoing effort. The difference in the XCCDF between
the STIG and the SSG is an artifact of the way SCAP has been implemented at DISA.
I hope this answers some of your questions.
Thanks,
Leland
--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, Inc
717-267-5797 (DSN 570)
leland.j.steinke.ctr(a)mail.mil (gov't)
lsteinke(a)tapestrytech.com (com'l)
-----Original Message-----
From: scap-security-guide-bounces(a)lists.fedorahosted.org [mailto:scap-
security-guide-bounces(a)lists.fedorahosted.org] On Behalf Of
joescap(a)mm.st
Sent: Tuesday, December 10, 2013 7:42 PM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: Understanding Content
We are considering using one of the RH6 profiles from the SCAP content
on this site as a benchmark for our systems. I've looked over the site
and still have a few questions.
Is the content and profiles here based off the "Standalone XCCDF - Red
Hat 6 STIG, Version 1, Release 2"? Or is this a completely unrelated
effort? The "Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2"
has 9 profiles ranging from MAC 1 to MAC 3, but they all have the same
checks enabled, so not much help to me. How are the Profiles found in
the SCAP content on this site determined? They seem to be good
realistic
profiles, but I'm just curious how the Profile configuration was
determined. I am just trying to understand the relationship between
the
DISA Standalone XCCDF - Red Hat 6 STIG, Version 1, Release 2 and the
content found on the
https://fedorahosted.org/scap-security-guide/
site.
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide