> On Wed, Mar 25, 2015 at 11:04 AM, Shawn Wells <sh...@redhat.com> wrote:
>> What other topics/questions should be covered? Feel free to edit the wiki >> directly or reply to the list! This feedback will be driven into our >> wikis/manuals, and formal docs off redhat.com. Why are the Vulnerability IDs different for the issue across different STIGs? - Blame DISA Where are the STIGs located? - iase.disa.mil Is there a tool that correlates STIG Vuln IDs to CCE numbers, Nessus plugins, or XYZ? - Dunno. To answer questions 4 and 5, right now I'd say "The STIG is a basis for measurement. The SCAP content contains some STIG material as well as community best practice." Leam -- Mind on a Mission -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
