I used SSG content and openscap. I have also used the SSG content with the SCC tool. However, it was not acceptable to them either, but it made going through the the checks manually a breeze.
R/ Brian Peake On Feb 26, 2014, at 12:02 AM, "Kachigian, Christopher R" <[email protected]> wrote: > I donĀ¹t believe there is official approval. I have used the SSG for a > scan submitted for approval recently but the documentation package is > still under review. I can let this group know when it comes back if it > was accepted or not. > -- > Chris Kachigian > StarVision Platform Product Manager > Lockheed Martin IS&GS Engineering & Technology > O: 301-240-7709 | C: 215-359-6331 > > > > > > > On 2/25/14, 3:44 PM, "Bailey, Christopher D CTR USARMY AMRDEC (US)" > <[email protected]> wrote: > >> Classification: UNCLASSIFIED >> Caveats: NONE >> >> Does anyone know if there's been an official approval from DISA for the >> use of SSG content and the openSCAP utility on RHEL 6 systems for >> providing official vulnerability reports to IA inspectors? Our local IA >> folks tell us that SCC is the only DISA approved/provided product that >> we can use for scanning our systems and providing scan results to IA for >> inspection and analysis. However, SCC only provides content up to RHEL >> 5, which is of no help with RHEL 6. We have our own homemade script for >> scanning, but that's only good for in-house use. We need something for >> producing official SCAP formatted vulnerability reports. We believe our >> best option for automated scanning is the openSCAP tool with SSG >> content, which is what we want to use, but there doesn't seem to be any >> official acceptance for its use. >> >> Basically, my IA folks want to see something in writing from DISA that >> says they officially approve the use of SSG content and the openSCAP >> tool for proving IA compliance on RHEL 6 systems. I know that the DISA >> FSO is working closely with Red Hat on SSG, but I can't find anything >> like an official release from DISA. >> >> Thanks. >> >> >> Classification: UNCLASSIFIED >> Caveats: NONE >> >> >> _______________________________________________ >> scap-security-guide mailing list >> [email protected] >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
