Classification: UNCLASSIFIED Caveats: NONE During the public comment period, should I be sending comments to DISA regarding the benchmark content (which they didn't include in their download), or just regarding the prose (e.g. "I would like to see ___ as an acceptable setting as well as the stated value of ____")?
I have about 67 total checks that are failing (using SCC 3.1...getting somewhat different results with Open SCAP 0.9.3, which I will have more details on later). Many of them are false positives (they comply with the prose, but - IMHO - the benchmark check is getting it wrong). For the others, I'd like a change in the actual requirement. I just want to make sure I'm reporting the right things to the right place. [I also plan to try to "become a developer" and make contributions so I don't just feel like I'm complaining, but editing this sort of content is new to me.] The benchmark content I'm using is the recently rebased RPM (scap-security-guide-0.1-10.el6.noarch.rpm). Thanks, -- Ray Shaw Contractor, STG Unix support, Army Research Labs Classification: UNCLASSIFIED Caveats: NONE
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
