On 3/17/13 1:41 PM, Jeffrey Blank wrote:
A question for the list:
Who uses CCE identifiers (and for what)?
I find them (informally) useful since they provide a unique identifier
for a particular knob. Of course, internal to the project, the XCCDF
Rule id fulfills a similar role, though we'll have both.
(I also have some reservations about CCE implementation and format, but
those are not related to this inquiry, nor am I soliciting for those!)
I'm simply curious about uses of CCE in RHEL security guidance,
particularly that which would be derived from the project.
Personally I never use them, or even talk about them. When going through
compliance processes I've found C&A stakeholders want to know about
/their/ requirement, e.g. OS SRG or NIST 800-53 reference.
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
