On 12/6/13, 8:50 AM, Peter Vrabec wrote:
Hi,
On 12/05/2013 08:08 PM, Jan Lieskovsky wrote:
Hello Leland,
----- Original Message -----
From: "Leland J Sr CTR DISA FSO Steinke (US)" <[email protected]>
To: [email protected]
Sent: Thursday, December 5, 2013 5:36:59 PM
Subject: RE: [RFE] [RFC] Define way / policy for the expected form of XCCDF rules' names (possible to use interrogative form instead of current's imperative one?)
Is there a reason the declarative form for Rule names could not be used? Per Shawn's comment, are they considered too strong?
There's nothing wrong with the declarative form for the Rule names when it's used in the form of a guide document (it's actually expected there).
But besides in the guide (HTML form), they might be / are used by scanning tools to identify rule names during a scan too - have a look at the images in:
https://fedorahosted.org/scap-workbench/
Would it be possible to rename a rule into a form that would make sense for both use cases? I mean guide and scanner.
Example:
"Set Password Minimum Age" -> "Password Minimum Age"
"Verify No netrc Files Exist" -> "netrc Files Do Not Exist"
In this context, a rule name in the form of 'Set Minimum Password Length' might induce the impression in the user that the scanning tool is actually always attempting to set something, which is not the case when performing the scan.
I agree with Jan that seeing "Set Password Minimum Age - Fail" in a scanner is misleading and, from a user experience perspective, undesirable.
So then, any volunteers to go through the ~400 XCCDF rules and update their titles?
So a rule name in the form 'Set something' and having the result fail might lead to the confusion that the OS feature / property was attempted to be properly set / configured and that attempt failed (which is not the case), instead of that the property was just scanned for match / compliance with the expected state and didn't meet the requirement (true result).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Peter.
--
Shawn Wells
Director, Innovation Programs
[email protected] | 443.534.0130
@shawndwells
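
For the title review raised in the thread above, an added example (not written by any of the thread's participants and not part of the project's tooling) that lists XCCDF Rule titles beginning with an imperative verb, so they can be reworded for scanner output. The verb list beyond "Set" and "Verify", the rule ids and the sample benchmark are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed verb list: only "Set" and "Verify" appear in the thread's examples.
IMPERATIVE_VERBS = {"Set", "Verify", "Ensure", "Enable", "Disable", "Configure"}

# Constructed sample benchmark; ids are placeholders, not the project's content.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <Group id="accounts">
    <Rule id="rule_a"><title>Set Password Minimum Age</title></Rule>
    <Rule id="rule_b"><title>Verify No netrc Files Exist</title></Rule>
    <Rule id="rule_c"><title>Password Minimum Length</title></Rule>
    <Rule id="rule_d"><title>  Settings Daemon Is Not Installed </title></Rule>
  </Group>
</Benchmark>"""


def local_name(tag):
    """Strip the '{namespace}' prefix so XCCDF 1.1 and 1.2 files both match."""
    return tag.rsplit("}", 1)[-1]


def imperative_titles(xccdf_text, verbs=IMPERATIVE_VERBS):
    """Return (rule id, title) for every Rule whose title starts with a verb."""
    root = ET.fromstring(xccdf_text)
    hits = []
    for elem in root.iter():
        if local_name(elem.tag) != "Rule":
            continue
        title = next((c for c in elem if local_name(c.tag) == "title"), None)
        if title is None:
            continue
        # Collapse whitespace; titles may contain inline markup or line breaks.
        text = " ".join("".join(title.itertext()).split())
        # Compare the whole first word so "Settings ..." is not flagged as "Set".
        if text and text.split()[0] in verbs:
            hits.append((elem.get("id"), text))
    return hits


if __name__ == "__main__":
    for rule_id, title in imperative_titles(SAMPLE_XCCDF):
        print(f"{rule_id}: {title}")
```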