Using this site as a way to to look at the STIG: https://cyber.trackr.live/stig/Windows_10_STIG/1/15 and looking at V-77189, I don't see anything that indicates that it's a manual check. Maybe I'm missing something. Using the same site and going to the SCAP area and looking at the same version in SCAP format, that check (and others) are not in the SCAP.
This came up because some of our folks were scanning a system using the SCAP Compliance Checker tool and another was using a Nessus audit file (that has all the checks in the STIG enabled) and the percentage pass was much higher using the SCAP tool since several checks were not in the SCAP content. On Fri, Oct 11, 2019, at 3:28 PM, Gabe Alford wrote: > Are the checks manual checks and can't be automated through SCAP? > > On Fri, Oct 11, 2019 at 3:26 PM <joes...@mm.st> wrote: > > This may be the wrong place to ask this, but I've been looking at this for > > hours and was hoping someone could either explain what I'm seeing or point > > to someplace that I can ask. > > > > I am trying to understand why several checks are missing using the SCAP > > content with the SCAP Compliance Checker 5.2.1. Using the SCAP content for > > Windows 10 (V1R15) and comparing to the STIG of the same version there are > > several checks for Exploit Protection that is not in the SCAP content, but > > are listed in the STIG. > > > > For example V-77097 (WN10-EP-000040), V-77101 (WN10-EP-000050) are > > missing. There are several others as well for Exploit Protection. Shouldn't > > the SCAP content for V1R15 match what the STIG of the same version states > > that needs to be checked. > > > > What am I missing? > > > > Thank You > > _______________________________________________ > > scap-security-guide mailing list -- > > scap-security-gu...@lists.fedorahosted.org > > To unsubscribe send an email to > > scap-security-guide-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/scap-security-gu...@lists.fedorahosted.org > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
