For what it's worth,

I was able to perform scans on Windows with OpenSCAP 1.3.0 using the following 
DISA STIG benchmarks:

Google Chrome
Adobe Acrobat DC
Windows Defender
Windows Firewall
Windows 10

All of the scans work. However, Windows 10 results were a bit off. A lot of 
unknowns and false positives. This could be an issue with the benchmark, 
however it works fine in SCAP Compliance Checker. All others were spot on.

I was also able to import my results from the scan into the STIG Viewer to 
populate the results into a checklist.

Excellent work!

Best regards,

Trey Henefield, CISSP
Senior IAVA Engineer

Ultra Electronics
Advanced Tactical Systems, Inc.
4101 Smith School Road
Building IV, Suite 100
Austin, TX 78744 USA

trey.henefi...@ultra-ats.com
Tel: +1 512 327 6795 ext. 647
Fax: +1 512 327 8043
Mobile: +1 512 541 6450

-----Original Message-----
From: open-scap-list-boun...@redhat.com <open-scap-list-boun...@redhat.com> On 
Behalf Of Shawn Wells
Sent: Tuesday, October 9, 2018 10:53 AM
To: open-scap-list@redhat.com
Subject: Re: [Open-scap] OpenSCAP 1.3.0



On 10/9/18 7:38 AM, Jan Cerny wrote:
> Hello OpenSCAPers,
>
> We are thrilled to announce general availability of OpenSCAP 1.3.0 release.
>
> This is the first release from maint-1.3 maintenance branch. API/ABI 
> is not compatible with 1.2.x releases. API/ABI is not compatible with 
> 1.3.0_alpha releases.
>
> Changes from 1.3.0_alpha2:
>    - New features
>      - Introduced a virtual '(all)' profile selecting all rules
>      - Verbose mode is a global option in all modules
>      - Added Microsoft Windows CPEs
>      - oscap-ssh can supply SSH options into an environment variable
>    - Maintenance
>      - Removed SEXP parser
>      - Added Fedora 30 CPE
>      - Fixed many Coverity defects (memory leaks etc.)
>      - SCE builds are enabled by default
>      - Moved many low-level functions out of public API
>      - Removed unused and dead code
>      - Updated manual pages
>      - Numerous small fixes
>
> Key differences from 1.2.x series:
> - Basic Microsoft Windows support
> - Removed deprecated command line interfaces
> - Removed deprecated API symbols
> - Probes are not separate processes anymore
> - CMake used as build system
> - CTest used as a test framework
>
> Download:
> https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz
>
> SHA512:
> 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf127230523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1
>
> Audit, Fix, And Be Merry!

Thanks Jan!

How far along is Windows support? Saw the mention of 'basic' -- but how should 
OpenSCAP on Windows be positioned?

For example:
- How many Windows probes are implemented?
- Does OpenSCAP on Windows pass the NIST automated tooling?
- Where can we send people who want to find out more?

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Disclaimer
The information contained in this communication from 
trey.henefi...@ultra-ats.com sent at 2018-10-09 12:08:47 is confidential and 
may be legally privileged.
It is intended solely for use by open-scap-list@redhat.com and others 
authorized to receive it. If you are not open-scap-list@redhat.com you are 
hereby notified that
any disclosure, copying, distribution or taking action in reliance of the 
contents of this information is strictly prohibited and may be unlawful.