The DISA STIG Viewer accepts xccdf results files. Is this the format which openscap is using?
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, August 18, 2017 1:47 PM
To: [email protected]
Subject: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10

All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.

----

Today's Topics:

1. Re: oscap output and STIG Viewer (Trevor Vaughan)
2. Re: oscap output and STIG Viewer (Shawn Wells)
3. RE: [Non-DoD Source] Re: oscap output and STIG Viewer (Paige, David B CTR USARMY ICOE (US))
4. RE: [Non-DoD Source] Re: oscap output and STIG Viewer (Paige, David B CTR USARMY ICOE (US))
5. RE: [Non-DoD Source] Re: oscap output and STIG Viewer (Albrecht, Thomas C)

----------------------------------------------------------------------

Date: Fri, 18 Aug 2017 10:20:41 -0400
From: Trevor Vaughan <[email protected]>
Subject: Re: oscap output and STIG Viewer
To: SCAP Security Guide <[email protected]>
Message-ID: <cans+fouidyaaoodj9mh4ku8g_ce56bobmqkguttbvcgmggd...@mail.gmail.com>

Please do ask DISA to support the standard SCAP formats if at all possible.

I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.

This really is not helpful to their user base.

Trevor

On Thu, Aug 17, 2017 at 9:58 PM, Shawn Wells <[email protected]> wrote:
>
> On 8/17/17 1:02 PM, Paige, David B CTR USARMY ICOE (US) wrote:
> > The DISA STIGViewer isn't about to correlate the Redhat STIG with any of the items from a Rhel/CentOS xml file created by openscap. This means that all of the items must be updated manually.
> >
> > Would it be possible to get the output to be recognized by the DISA STIGViewer? I'm not sure what openscap does differently from the SPAWAR SCC tool, which can be imported into the STIGViewer.
> >
> > The openscap xml output is also not processed by the vulnerator tool, but it will handle the SCC xml files.
>
> OpenSCAP generates SCAP content. STIGViewer (and SCC) built in DISA's proprietary extensions/formats.
>
> In theory this would be a matter of applying an XSLT to restructure the properly formatted SCAP results into whatever DISA needs.
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --

------------------------------

Date: Fri, 18 Aug 2017 12:12:53 -0400
From: Shawn Wells <[email protected]>
Subject: Re: oscap output and STIG Viewer
To: [email protected]
Message-ID: <[email protected]>

On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all possible.
>
> I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
>
> This really is not helpful to their user base.

Having end-customers/users make the requests would be ideal:

Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
[email protected]

------------------------------

Date: Fri, 18 Aug 2017 16:18:14 +0000
From: "Paige, David B CTR USARMY ICOE (US)" <[email protected]>
Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer
To: SCAP Security Guide <[email protected]>
Message-ID: <6be43602bc42c149a3f61277e163dc2fc845a...@usathu5d.easf.csd.disa.mil>

I will drop them a note and see if they have any plans to support the standard SCAP formats.

-----Original Message-----
From: Shawn Wells [Caution-mailto:[email protected]]
Sent: Friday, August 18, 2017 9:13 AM
To: [email protected]
Subject: [Non-DoD Source] Re: oscap output and STIG Viewer

On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all possible.
>
> I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
>
> This really is not helpful to their user base.

Having end-customers/users make the requests would be ideal:

Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
[email protected]

------------------------------

Date: Fri, 18 Aug 2017 17:36:19 +0000
From: "Paige, David B CTR USARMY ICOE (US)" <[email protected]>
Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer
To: SCAP Security Guide <[email protected]>
Message-ID: <6be43602bc42c149a3f61277e163dc2fc845a...@usathu5d.easf.csd.disa.mil>

OpenSCAP will not be supported. There is a benchmark in development which will correspond to the RHEL7 STIG.

-----Original Message-----
From: Shawn Wells [Caution-mailto:[email protected]]
Sent: Friday, August 18, 2017 9:13 AM
To: [email protected]
Subject: [Non-DoD Source] Re: oscap output and STIG Viewer

On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all possible.
>
> I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
>
> This really is not helpful to their user base.

Having end-customers/users make the requests would be ideal:

Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
[email protected]

------------------------------

Date: Fri, 18 Aug 2017 17:46:29 +0000
From: "Albrecht, Thomas C" <[email protected]>
Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer
To: SCAP Security Guide <[email protected]>
Message-ID: <[email protected]>

Sadly, this is the response I expected. DISA is not being asked to support OpenSCAP. They're being asked to comply with SCAP, which, last time I checked, is a standard published by NIST.

Embrace and extend.

Tom A.

-----Original Message-----
From: Paige, David B CTR USARMY ICOE (US) [Caution-mailto:[email protected]]
Sent: Friday, August 18, 2017 1:36 PM
To: SCAP Security Guide <[email protected]>
Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and STIG Viewer

OpenSCAP will not be supported. There is a benchmark in development which will correspond to the RHEL7 STIG.

-----Original Message-----
From: Shawn Wells [Caution-mailto:[email protected]]
Sent: Friday, August 18, 2017 9:13 AM
To: [email protected]
Subject: [Non-DoD Source] Re: oscap output and STIG Viewer

On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all possible.
>
> I haven't been able to find any of their internal formats yet I'm trying to automate the generation of content for them.
>
> This really is not helpful to their user base.

Having end-customers/users make the requests would be ideal:

Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
[email protected]

------------------------------

End of scap-security-guide Digest, Vol 71, Issue 10
