Yes. Greatly! Red Hat responds to industry generated CCE's while DISA will
eventually generate CCI's mapped to their current STIG release?
Both SRG & CCI references appear to be falling from grace as far as providing
stability for shared rule references (multi-platform from a Red Hat
perspective),and ...we can only guess for DISA. I have an unrelated question
to XCCDF_POLICY engine which I'll put in another thread. Thank you for
clarification!
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
https://github.com/OpenSCAP/scap-security-guide/
