The manual STIG is meant to be read, the Benchmarks seem to be automated implementations of the STIG. Not everything that can be automated is in the benchmark, though I think that's the general direction. The benchmarks are used by tools like the SCC tool and StigViewer.
On Thu, Jul 14, 2016 at 9:31 AM, Chun Tat David Chu < [email protected]> wrote: > Hi all, > > Why there is a need of a manual STIG and a benchmark STIG? Both STIGs are > in SCAP XCDDF format. Can't both be combined? > > http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx > > Thanks, > > David > > -- > SCAP Security Guide mailing list > [email protected] > > https://lists.fedorahosted.org/admin/lists/[email protected] > https://github.com/OpenSCAP/scap-security-guide/ > > -- Mind on a Mission <http://leamhall.blogspot.com/>
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
