This may be the wrong place to ask this, but I've been looking at this for hours and was hoping someone could either explain what I'm seeing or point to someplace that I can ask.
I am trying to understand why several checks are missing using the SCAP content with the SCAP Compliance Checker 5.2.1. Using the SCAP content for Windows 10 (V1R15) and comparing to the STIG of the same version there are several checks for Exploit Protection that is not in the SCAP content, but are listed in the STIG.
For example V-77097 (WN10-EP-000040), V-77101 (WN10-EP-000050) are missing. There are several others as well for Exploit Protection. Shouldn't the SCAP content for V1R15 match what the STIG of the same version states that needs to be checked.
What am I missing?
Thank You
Are the checks manual checks and can't be automated through SCAP?
On Fri, Oct 11, 2019 at 3:26 PM joescap@mm.st wrote:
This may be the wrong place to ask this, but I've been looking at this for hours and was hoping someone could either explain what I'm seeing or point to someplace that I can ask.
I am trying to understand why several checks are missing using the SCAP content with the SCAP Compliance Checker 5.2.1. Using the SCAP content for Windows 10 (V1R15) and comparing to the STIG of the same version there are several checks for Exploit Protection that is not in the SCAP content, but are listed in the STIG.
For example V-77097 (WN10-EP-000040), V-77101 (WN10-EP-000050) are missing. There are several others as well for Exploit Protection. Shouldn't the SCAP content for V1R15 match what the STIG of the same version states that needs to be checked.
What am I missing?
Thank You _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
This isn't the right forum, since it's specifically for RH and other Linux based scores. You're probably going to have to contact DISA directly related to problems with the Windows STIGs and benchmarks.
https://public.cyber.mil/knowledge-base/scap-srg-stig-questions/
Tom A.
-----Original Message----- From: joescap@mm.st joescap@mm.st Sent: Friday, October 11, 2019 5:26 PM To: scap-security-guide@lists.fedorahosted.org; open-scap-list@redhat.com Subject: EXTERNAL: SCAP not Matching STIG
This may be the wrong place to ask this, but I've been looking at this for hours and was hoping someone could either explain what I'm seeing or point to someplace that I can ask.
I am trying to understand why several checks are missing using the SCAP content with the SCAP Compliance Checker 5.2.1. Using the SCAP content for Windows 10 (V1R15) and comparing to the STIG of the same version there are several checks for Exploit Protection that is not in the SCAP content, but are listed in the STIG.
For example V-77097 (WN10-EP-000040), V-77101 (WN10-EP-000050) are missing. There are several others as well for Exploit Protection. Shouldn't the SCAP content for V1R15 match what the STIG of the same version states that needs to be checked.
What am I missing?
Thank You _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...
scap-security-guide@lists.fedorahosted.org