I suspect it is the 1.2 that may be causing the problems. We can look into it on our end because we are publishing a Windows benchmark in that format.
-----Original Message----- From: scap-security-guide-request@lists.fedorahosted.org [mailto:scap-security-guide-request@lists.fedorahosted.org] Sent: Friday, August 18, 2017 3:31 PM To: scap-security-guide@lists.fedorahosted.org Subject: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 12
Send scap-security-guide mailing list submissions to scap-security-guide@lists.fedorahosted.org
To subscribe or unsubscribe via email, send a message with subject or body 'help' to scap-security-guide-request@lists.fedorahosted.org
You can reach the person managing the list at scap-security-guide-owner@lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of scap-security-guide digest..."
Today's Topics:
1. Re: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10 (Shawn Wells) 2. Re: [Non-DoD Source] Re: oscap output and STIG Viewer (Trevor Vaughan)
----------------------------------------------------------------------
Date: Fri, 18 Aug 2017 14:56:10 -0400 From: Shawn Wells shawn@redhat.com Subject: Re: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10 To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Message-ID: EF1596E8-4BEE-45FA-9F27-292F07702663@redhat.com Content-Type: text/plain; charset=us-ascii
Hey Jason,
Thanks for the response! OpenSCAP can generate ARF, OVAL results, XCCDF results in SCAP 1.2 formats.
Shawn
On Aug 18, 2017, at 1:52 PM, Mackanick, Jason W CIV DISA RE (US) jason.w.mackanick.civ@mail.mil wrote:
The DISA STIG Viewer accepts xccdf results files. Is this the format which openscap is using?
-----Original Message----- From: scap-security-guide-request@lists.fedorahosted.org [mailto:scap-security-guide-request@lists.fedorahosted.org] Sent: Friday, August 18, 2017 1:47 PM To: scap-security-guide@lists.fedorahosted.org Subject: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
Send scap-security-guide mailing list submissions to scap-security-guide@lists.fedorahosted.org
To subscribe or unsubscribe via email, send a message with subject or body 'help' to scap-security-guide-request@lists.fedorahosted.org
You can reach the person managing the list at scap-security-guide-owner@lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of scap-security-guide digest..."
Today's Topics:
- Re: oscap output and STIG Viewer (Trevor Vaughan)
- Re: oscap output and STIG Viewer (Shawn Wells)
- RE: [Non-DoD Source] Re: oscap output and STIG Viewer (Paige, David B CTR USARMY ICOE (US))
- RE: [Non-DoD Source] Re: oscap output and STIG Viewer (Paige, David B CTR USARMY ICOE (US))
- RE: [Non-DoD Source] Re: oscap output and STIG Viewer (Albrecht, Thomas C)
Date: Fri, 18 Aug 2017 10:20:41 -0400 From: Trevor Vaughan tvaughan@onyxpoint.com Subject: Re: oscap output and STIG Viewer To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Message-ID: CANs+FoUiDyaAoodJ9mh4Ku8g_cE56bObmqkGUttbvcgmgGdFkQ@mail.gmail.com Content-Type: multipart/alternative; boundary="001a114e7e887ee173055707d587"
--001a114e7e887ee173055707d587 Content-Type: text/plain; charset="UTF-8"
Please do ask DISA to support the standard SCAP formats if at all possible.
I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
This really is not helpful to their user base.
Trevor
On Thu, Aug 17, 2017 at 9:58 PM, Shawn Wells shawn@redhat.com wrote:
On 8/17/17 1:02 PM, Paige, David B CTR USARMY ICOE (US) wrote: The DISA STIGViewer isn't about to correlate the Redhat STIG with any of
the items from a Rhel/CentOS xml file created by openscap. This means that all of the items must be updated manually.
Would it be possible to get the output to be recognized by the DISA
STIGViewer? I'm not sure what openscap does differently from the SPAWAR SCC tool, which can be imported into the STIGViewer.
The openscap xml output is also not processed by the vulnerator tool,
but it will handle the SCC xml files.
OpenSCAP generates SCAP content. STIGViewer (and SCC) built in DISA's proprietary extensions/formats.
In theory this would be a matter of applying an XSLT to restructure the properly formatted SCAP results into whatever DISA needs. _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists. fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@ lists.fedorahosted.org
-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
--001a114e7e887ee173055707d587 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div><div>Please do ask DISA to support the standard = SCAP formats if at all possible.<br><br></div>I haven't been able to fi= nd any of their internal formats yet I'm trying to automate the generat= ion of content for them.<br><br></div>This really is not helpful to their u= ser base.<br><br></div>Trevor<br></div><div class=3D"gmail_extra"><br><div = class=3D"gmail_quote">On Thu, Aug 17, 2017 at 9:58 PM, Shawn Wells <span di= r=3D"ltr"><<a href=3D"Caution-mailto:shawn@redhat.com" target=3D"_blank">shawn@r= edhat.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style= =3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span cl= ass=3D""><br> <br> On 8/17/17 1:02 PM, Paige, David B CTR USARMY ICOE (US) wrote:<br> > The DISA STIGViewer isn't about to correlate the Redhat STIG with = any of the items from a Rhel/CentOS xml file created by openscap.=C2=A0 Thi= s means that all of the items must be updated manually.<br> ><br> > Would it be possible to get the output to be recognized by the DISA ST= IGViewer?=C2=A0 I'm not sure what openscap does differently from the SP= AWAR SCC tool, which can be imported into the STIGViewer.<br> ><br> > The openscap xml output is also not processed by the vulnerator tool, = but it will handle the SCC xml files.<br> <br> </span>OpenSCAP generates SCAP content. STIGViewer (and SCC) built in DISA&= #39;s<br> proprietary extensions/formats.<br> <br> In theory this would be a matter of applying an XSLT to restructure the<br> properly formatted SCAP results into whatever DISA needs.<br> <div class=3D"HOEnZb"><div class=3D"h5">______________________________<wbr>= _________________<br> scap-security-guide mailing list -- <a href=3D"Caution-mailto:scap-security-guide@l= ists.fedorahosted.org">scap-security-guide@lists.<wbr>fedorahosted.org</a><= br> To unsubscribe send an email to <a href=3D"Caution-mailto:scap-security-guide-leave= @lists.fedorahosted.org">scap-security-guide-leave@<wbr>lists.fedorahosted.= org</a><br> </div></div></blockquote></div><br><br clear=3D"all"><br>-- <br><div class= =3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><d= iv><div dir=3D"ltr"><div>Trevor Vaughan<br>Vice President, Onyx Point, Inc<= br></div><div>(410) 541-6699 x788<br></div><div><br>-- This account not app= roved for unencrypted proprietary information --</div></div></div></div></d= iv> </div>
--001a114e7e887ee173055707d587--
Date: Fri, 18 Aug 2017 12:12:53 -0400 From: Shawn Wells shawn@redhat.com Subject: Re: oscap output and STIG Viewer To: scap-security-guide@lists.fedorahosted.org Message-ID: 8b800cd7-e1c5-aa39-61b7-471730ba9117@redhat.com Content-Type: text/plain; charset=utf-8
On 8/18/17 10:20 AM, Trevor Vaughan wrote: Please do ask DISA to support the standard SCAP formats if at all possible.
I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt@mail.mil
Date: Fri, 18 Aug 2017 16:18:14 +0000 From: "Paige, David B CTR USARMY ICOE (US)" david.b.paige.ctr@mail.mil Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Message-ID: 6BE43602BC42C149A3F61277E163DC2FC845A054@USATHU5D.easf.csd.disa.mil Content-Type: text/plain; charset="utf-8"
I will drop them a note and see if they have any plans to support the standard SCAP formats.
-----Original Message----- From: Shawn Wells [Caution-mailto:shawn@redhat.com] Sent: Friday, August 18, 2017 9:13 AM To: scap-security-guide@lists.fedorahosted.org Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
On 8/18/17 10:20 AM, Trevor Vaughan wrote: Please do ask DISA to support the standard SCAP formats if at all possible.
I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt@mail.mil _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Date: Fri, 18 Aug 2017 17:36:19 +0000 From: "Paige, David B CTR USARMY ICOE (US)" david.b.paige.ctr@mail.mil Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Message-ID: 6BE43602BC42C149A3F61277E163DC2FC845A07C@USATHU5D.easf.csd.disa.mil Content-Type: text/plain; charset="utf-8"
OpenSCAP will not be supported. There is a benchmark in development which will correspond to the RHEL7 STIG.
-----Original Message----- From: Shawn Wells [Caution-mailto:shawn@redhat.com] Sent: Friday, August 18, 2017 9:13 AM To: scap-security-guide@lists.fedorahosted.org Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
On 8/18/17 10:20 AM, Trevor Vaughan wrote: Please do ask DISA to support the standard SCAP formats if at all possible.
I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt@mail.mil _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Date: Fri, 18 Aug 2017 17:46:29 +0000 From: "Albrecht, Thomas C" thomas.c.albrecht@lmco.com Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Message-ID: C9A4ECF8605EE84C8635B172500B6DFB02C83791@HVXDSP24.us.lmco.com Content-Type: text/plain; charset="utf-8"
Sadly, this is the response I expected. DISA is not being asked to support OpenSCAP. They're being asked to comply with SCAP, which, last time I checked, is a standard published by NIST.
Embrace and extend.
Tom A.
-----Original Message----- From: Paige, David B CTR USARMY ICOE (US) [Caution-mailto:david.b.paige.ctr@mail.mil] Sent: Friday, August 18, 2017 1:36 PM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and STIG Viewer
OpenSCAP will not be supported. There is a benchmark in development which will correspond to the RHEL7 STIG.
-----Original Message----- From: Shawn Wells [Caution-mailto:shawn@redhat.com] Sent: Friday, August 18, 2017 9:13 AM To: scap-security-guide@lists.fedorahosted.org Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
On 8/18/17 10:20 AM, Trevor Vaughan wrote: Please do ask DISA to support the standard SCAP formats if at all possible.
I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt@mail.mil _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Subject: Digest Footer
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
End of scap-security-guide Digest, Vol 71, Issue 10
------------------------------
Date: Fri, 18 Aug 2017 15:30:37 -0400 From: Trevor Vaughan tvaughan@onyxpoint.com Subject: Re: [Non-DoD Source] Re: oscap output and STIG Viewer To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Message-ID: CANs+FoW4ETsvrmJ6Jt-6UR0DdarO60B042dRfYCoRLoEPNW5rQ@mail.gmail.com Content-Type: multipart/alternative; boundary="94eb2c08b7e4ef108905570c2937"
--94eb2c08b7e4ef108905570c2937 Content-Type: text/plain; charset="UTF-8"
I don't quite follow.
I thought that the OpenSCAP output was SCAP standard compliant since it's one of the validated scanners?
I guess I'm missing what they can't support? Is it the Data Streams, individual files, something else?
Trevor
On Fri, Aug 18, 2017 at 1:46 PM, Albrecht, Thomas C < thomas.c.albrecht@lmco.com> wrote:
Sadly, this is the response I expected. DISA is not being asked to support OpenSCAP. They're being asked to comply with SCAP, which, last time I checked, is a standard published by NIST.
Embrace and extend.
Tom A.
-----Original Message----- From: Paige, David B CTR USARMY ICOE (US) [mailto:david.b.paige.ctr@ mail.mil] Sent: Friday, August 18, 2017 1:36 PM To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and STIG Viewer
OpenSCAP will not be supported. There is a benchmark in development which will correspond to the RHEL7 STIG.
-----Original Message----- From: Shawn Wells [mailto:shawn@redhat.com] Sent: Friday, August 18, 2017 9:13 AM To: scap-security-guide@lists.fedorahosted.org Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
On 8/18/17 10:20 AM, Trevor Vaughan wrote:
Please do ask DISA to support the standard SCAP formats if at all possible.
I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt@mail.mil _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists. fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@ lists.fedorahosted.org _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists. fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@ lists.fedorahosted.org _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists. fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@ lists.fedorahosted.org
scap-security-guide@lists.fedorahosted.org