I suspect it is the 1.2 that may be causing the problems. We can look into it on our end because we are publishing a Windows benchmark in that format.
-----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Friday, August 18, 2017 3:31 PM To: [email protected] Subject: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 12 Send scap-security-guide mailing list submissions to [email protected] To subscribe or unsubscribe via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of scap-security-guide digest..." Today's Topics: 1. Re: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10 (Shawn Wells) 2. Re: [Non-DoD Source] Re: oscap output and STIG Viewer (Trevor Vaughan) ---------------------------------------------------------------------- Date: Fri, 18 Aug 2017 14:56:10 -0400 From: Shawn Wells <[email protected]> Subject: Re: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10 To: SCAP Security Guide <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=us-ascii Hey Jason, Thanks for the response! OpenSCAP can generate ARF, OVAL results, XCCDF results in SCAP 1.2 formats. Shawn > On Aug 18, 2017, at 1:52 PM, Mackanick, Jason W CIV DISA RE (US) > <[email protected]> wrote: > > The DISA STIG Viewer accepts xccdf results files. Is this the format which > openscap is using? > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > Sent: Friday, August 18, 2017 1:47 PM > To: [email protected] > Subject: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10 > > All active links contained in this email were disabled. Please verify the > identity of the sender, and confirm the authenticity of all links contained > within the message prior to copying and pasting the address to a Web browser. > > > > > > ---- > > Send scap-security-guide mailing list submissions to > [email protected] > > To subscribe or unsubscribe via email, send a message with subject or > body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of scap-security-guide digest..." > > Today's Topics: > > 1. Re: oscap output and STIG Viewer (Trevor Vaughan) > 2. Re: oscap output and STIG Viewer (Shawn Wells) > 3. RE: [Non-DoD Source] Re: oscap output and STIG Viewer > (Paige, David B CTR USARMY ICOE (US)) > 4. RE: [Non-DoD Source] Re: oscap output and STIG Viewer > (Paige, David B CTR USARMY ICOE (US)) > 5. RE: [Non-DoD Source] Re: oscap output and STIG Viewer > (Albrecht, Thomas C) > > > ---------------------------------------------------------------------- > > Date: Fri, 18 Aug 2017 10:20:41 -0400 > From: Trevor Vaughan <[email protected]> > Subject: Re: oscap output and STIG Viewer > To: SCAP Security Guide <[email protected]> > Message-ID: > <cans+fouidyaaoodj9mh4ku8g_ce56bobmqkguttbvcgmggd...@mail.gmail.com> > Content-Type: multipart/alternative; > boundary="001a114e7e887ee173055707d587" > > --001a114e7e887ee173055707d587 > Content-Type: text/plain; charset="UTF-8" > > Please do ask DISA to support the standard SCAP formats if at all possible. > > I haven't been able to find any of their internal formats yet I'm trying to > automate the generation of content for them. > > This really is not helpful to their user base. > > Trevor > >> On Thu, Aug 17, 2017 at 9:58 PM, Shawn Wells <[email protected]> wrote: >> >> >> >>> On 8/17/17 1:02 PM, Paige, David B CTR USARMY ICOE (US) wrote: >>> The DISA STIGViewer isn't about to correlate the Redhat STIG with any of >> the items from a Rhel/CentOS xml file created by openscap. This means that >> all of the items must be updated manually. >>> >>> Would it be possible to get the output to be recognized by the DISA >> STIGViewer? I'm not sure what openscap does differently from the SPAWAR >> SCC tool, which can be imported into the STIGViewer. >>> >>> The openscap xml output is also not processed by the vulnerator tool, >> but it will handle the SCC xml files. >> >> OpenSCAP generates SCAP content. STIGViewer (and SCC) built in DISA's >> proprietary extensions/formats. >> >> In theory this would be a matter of applying an XSLT to restructure the >> properly formatted SCAP results into whatever DISA needs. >> _______________________________________________ >> scap-security-guide mailing list -- scap-security-guide@lists. >> fedorahosted.org >> To unsubscribe send an email to scap-security-guide-leave@ >> lists.fedorahosted.org >> > > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 x788 > > -- This account not approved for unencrypted proprietary information -- > > --001a114e7e887ee173055707d587 > Content-Type: text/html; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > <div dir=3D"ltr"><div><div><div>Please do ask DISA to support the standard = > SCAP formats if at all possible.<br><br></div>I haven't been able to fi= > nd any of their internal formats yet I'm trying to automate the generat= > ion of content for them.<br><br></div>This really is not helpful to their u= > ser base.<br><br></div>Trevor<br></div><div class=3D"gmail_extra"><br><div = > class=3D"gmail_quote">On Thu, Aug 17, 2017 at 9:58 PM, Shawn Wells <span di= > r=3D"ltr"><<a href=3D"Caution-mailto:[email protected]"; > target=3D"_blank">shawn@r= > edhat.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style= > =3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span cl= > ass=3D""><br> > <br> > On 8/17/17 1:02 PM, Paige, David B CTR USARMY ICOE (US) wrote:<br> > > The DISA STIGViewer isn't about to correlate the Redhat STIG with = > any of the items from a Rhel/CentOS xml file created by openscap.=C2=A0 Thi= > s means that all of the items must be updated manually.<br> > ><br> > > Would it be possible to get the output to be recognized by the DISA ST= > IGViewer?=C2=A0 I'm not sure what openscap does differently from the SP= > AWAR SCC tool, which can be imported into the STIGViewer.<br> > ><br> > > The openscap xml output is also not processed by the vulnerator tool, = > but it will handle the SCC xml files.<br> > <br> > </span>OpenSCAP generates SCAP content. STIGViewer (and SCC) built in DISA&= > #39;s<br> > proprietary extensions/formats.<br> > <br> > In theory this would be a matter of applying an XSLT to restructure the<br> > properly formatted SCAP results into whatever DISA needs.<br> > <div class=3D"HOEnZb"><div class=3D"h5">______________________________<wbr>= > _________________<br> > scap-security-guide mailing list -- <a > href=3D"Caution-mailto:scap-security-guide@l= > ists.fedorahosted.org">scap-security-guide@lists.<wbr>fedorahosted.org</a><= > br> > To unsubscribe send an email to <a > href=3D"Caution-mailto:scap-security-guide-leave= > @lists.fedorahosted.org">scap-security-guide-leave@<wbr>lists.fedorahosted.= > org</a><br> > </div></div></blockquote></div><br><br clear=3D"all"><br>-- <br><div class= > =3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><d= > iv><div dir=3D"ltr"><div>Trevor Vaughan<br>Vice President, Onyx Point, Inc<= > br></div><div>(410) 541-6699 x788<br></div><div><br>-- This account not app= > roved for unencrypted proprietary information --</div></div></div></div></d= > iv> > </div> > > --001a114e7e887ee173055707d587-- > > ------------------------------ > > Date: Fri, 18 Aug 2017 12:12:53 -0400 > From: Shawn Wells <[email protected]> > Subject: Re: oscap output and STIG Viewer > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset=utf-8 > > > >> On 8/18/17 10:20 AM, Trevor Vaughan wrote: >> Please do ask DISA to support the standard SCAP formats if at all >> possible. >> >> I haven't been able to find any of their internal formats yet I'm >> trying to automate the generation of content for them. >> >> This really is not helpful to their user base. > > Having end-customers/users make the requests would be ideal: > > Caution-https://iase.disa.mil/stigs/Pages/contact.aspx > > [email protected] > > ------------------------------ > > Date: Fri, 18 Aug 2017 16:18:14 +0000 > From: "Paige, David B CTR USARMY ICOE (US)" > <[email protected]> > Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer > To: SCAP Security Guide <[email protected]> > Message-ID: > <6be43602bc42c149a3f61277e163dc2fc845a...@usathu5d.easf.csd.disa.mil> > Content-Type: text/plain; charset="utf-8" > > I will drop them a note and see if they have any plans to support the > standard SCAP formats. > > -----Original Message----- > From: Shawn Wells [Caution-mailto:[email protected]] > Sent: Friday, August 18, 2017 9:13 AM > To: [email protected] > Subject: [Non-DoD Source] Re: oscap output and STIG Viewer > > All active links contained in this email were disabled. Please verify the > identity of the sender, and confirm the authenticity of all links contained > within the message prior to copying and pasting the address to a Web browser. > > > > > > ---- > > > >> On 8/18/17 10:20 AM, Trevor Vaughan wrote: >> Please do ask DISA to support the standard SCAP formats if at all >> possible. >> >> I haven't been able to find any of their internal formats yet I'm >> trying to automate the generation of content for them. >> >> This really is not helpful to their user base. > > Having end-customers/users make the requests would be ideal: > > Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx > > [email protected] > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > > ------------------------------ > > Date: Fri, 18 Aug 2017 17:36:19 +0000 > From: "Paige, David B CTR USARMY ICOE (US)" > <[email protected]> > Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer > To: SCAP Security Guide <[email protected]> > Message-ID: > <6be43602bc42c149a3f61277e163dc2fc845a...@usathu5d.easf.csd.disa.mil> > Content-Type: text/plain; charset="utf-8" > > OpenSCAP will not be supported. There is a benchmark in development which > will correspond to the RHEL7 STIG. > > -----Original Message----- > From: Shawn Wells [Caution-mailto:[email protected]] > Sent: Friday, August 18, 2017 9:13 AM > To: [email protected] > Subject: [Non-DoD Source] Re: oscap output and STIG Viewer > > All active links contained in this email were disabled. Please verify the > identity of the sender, and confirm the authenticity of all links contained > within the message prior to copying and pasting the address to a Web browser. > > > > > > ---- > > > >> On 8/18/17 10:20 AM, Trevor Vaughan wrote: >> Please do ask DISA to support the standard SCAP formats if at all >> possible. >> >> I haven't been able to find any of their internal formats yet I'm >> trying to automate the generation of content for them. >> >> This really is not helpful to their user base. > > Having end-customers/users make the requests would be ideal: > > Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx > > [email protected] > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > > ------------------------------ > > Date: Fri, 18 Aug 2017 17:46:29 +0000 > From: "Albrecht, Thomas C" <[email protected]> > Subject: RE: [Non-DoD Source] Re: oscap output and STIG Viewer > To: SCAP Security Guide <[email protected]> > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="utf-8" > > Sadly, this is the response I expected. DISA is not being asked to support > OpenSCAP. They're being asked to comply with SCAP, which, last time I > checked, is a standard published by NIST. > > Embrace and extend. > > Tom A. > > -----Original Message----- > From: Paige, David B CTR USARMY ICOE (US) > [Caution-mailto:[email protected]] > Sent: Friday, August 18, 2017 1:36 PM > To: SCAP Security Guide <[email protected]> > Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and STIG Viewer > > OpenSCAP will not be supported. There is a benchmark in development which > will correspond to the RHEL7 STIG. > > -----Original Message----- > From: Shawn Wells [Caution-mailto:[email protected]] > Sent: Friday, August 18, 2017 9:13 AM > To: [email protected] > Subject: [Non-DoD Source] Re: oscap output and STIG Viewer > > All active links contained in this email were disabled. Please verify the > identity of the sender, and confirm the authenticity of all links contained > within the message prior to copying and pasting the address to a Web browser. > > > > > > ---- > > > >> On 8/18/17 10:20 AM, Trevor Vaughan wrote: >> Please do ask DISA to support the standard SCAP formats if at all >> possible. >> >> I haven't been able to find any of their internal formats yet I'm >> trying to automate the generation of content for them. >> >> This really is not helpful to their user base. > > Having end-customers/users make the requests would be ideal: > > Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx > > [email protected] > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > > > ------------------------------ > > End of scap-security-guide Digest, Vol 71, Issue 10 > *************************************************** ------------------------------ Date: Fri, 18 Aug 2017 15:30:37 -0400 From: Trevor Vaughan <[email protected]> Subject: Re: [Non-DoD Source] Re: oscap output and STIG Viewer To: SCAP Security Guide <[email protected]> Message-ID: <cans+fow4etsvrmj6jt-6ur0ddaro60b042drfycorloepnw...@mail.gmail.com> Content-Type: multipart/alternative; boundary="94eb2c08b7e4ef108905570c2937" --94eb2c08b7e4ef108905570c2937 Content-Type: text/plain; charset="UTF-8" I don't quite follow. I thought that the OpenSCAP output was SCAP standard compliant since it's one of the validated scanners? I guess I'm missing what they can't support? Is it the Data Streams, individual files, something else? Trevor On Fri, Aug 18, 2017 at 1:46 PM, Albrecht, Thomas C < [email protected]> wrote: > Sadly, this is the response I expected. DISA is not being asked to > support OpenSCAP. They're being asked to comply with SCAP, which, last > time I checked, is a standard published by NIST. > > Embrace and extend. > > Tom A. > > -----Original Message----- > From: Paige, David B CTR USARMY ICOE (US) [mailto:david.b.paige.ctr@ > mail.mil] > Sent: Friday, August 18, 2017 1:36 PM > To: SCAP Security Guide <[email protected]> > Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and STIG Viewer > > OpenSCAP will not be supported. There is a benchmark in development which > will correspond to the RHEL7 STIG. > > -----Original Message----- > From: Shawn Wells [mailto:[email protected]] > Sent: Friday, August 18, 2017 9:13 AM > To: [email protected] > Subject: [Non-DoD Source] Re: oscap output and STIG Viewer > > All active links contained in this email were disabled. Please verify the > identity of the sender, and confirm the authenticity of all links contained > within the message prior to copying and pasting the address to a Web > browser. > > > > > ---- > > > > On 8/18/17 10:20 AM, Trevor Vaughan wrote: > > Please do ask DISA to support the standard SCAP formats if at all > > possible. > > > > I haven't been able to find any of their internal formats yet I'm > > trying to automate the generation of content for them. > > > > This really is not helpful to their user base. > > Having end-customers/users make the requests would be ideal: > > Caution-https://iase.disa.mil/stigs/Pages/contact.aspx > > [email protected] > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information -- --94eb2c08b7e4ef108905570c2937 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div><div><div>I don't quite follow.<br><br></div>I th= ought that the OpenSCAP output was SCAP standard compliant since it's o= ne of the validated scanners?<br><br></div>I guess I'm missing what the= y can't support? Is it the Data Streams, individual files, something el= se?<br><br></div>Trevor<br></div><div class=3D"gmail_extra"><br><div class= =3D"gmail_quote">On Fri, Aug 18, 2017 at 1:46 PM, Albrecht, Thomas C <span = dir=3D"ltr"><<a href=3D"mailto:[email protected]"; target=3D"_bl= ank">[email protected]</a>></span> wrote:<br><blockquote class= =3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd= ing-left:1ex">Sadly, this is the response I expected.=C2=A0 DISA is not bei= ng asked to support OpenSCAP.=C2=A0 They're being asked to comply with = SCAP, which, last time I checked, is a standard published by NIST.<br> <br> Embrace and extend.<br> <br> Tom A.<br> <div class=3D"HOEnZb"><div class=3D"h5"><br> -----Original Message-----<br> From: Paige, David B CTR USARMY ICOE (US) [mailto:<a href=3D"mailto:david.b= [email protected]">david.b.paige.ctr@<wbr>mail.mil</a>]<br> Sent: Friday, August 18, 2017 1:36 PM<br> To: SCAP Security Guide <<a href=3D"mailto:[email protected]= orahosted.org">scap-security-guide@lists.<wbr>fedorahosted.org</a>><br> Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and STIG Viewer<br= > <br> OpenSCAP will not be supported.=C2=A0 There is a benchmark in development w= hich will correspond to the RHEL7 STIG.<br> <br> -----Original Message-----<br> From: Shawn Wells [mailto:<a href=3D"mailto:[email protected]";>shawn@redhat.= com</a>]<br> Sent: Friday, August 18, 2017 9:13 AM<br> To: <a href=3D"mailto:[email protected]";>scap-secu= rity-guide@lists.<wbr>fedorahosted.org</a><br> Subject: [Non-DoD Source] Re: oscap output and STIG Viewer<br> <br> All active links contained in this email were disabled.=C2=A0 Please verify= the identity of the sender, and confirm the authenticity of all links cont= ained within the message prior to copying and pasting the address to a Web = browser.<br> <br> <br> <br> <br> ----<br> <br> <br> <br> On 8/18/17 10:20 AM, Trevor Vaughan wrote:<br> > Please do ask DISA to support the standard SCAP formats if at all<br> > possible.<br> ><br> > I haven't been able to find any of their internal formats yet I= 9;m<br> > trying to automate the generation of content for them.<br> ><br> > This really is not helpful to their user base.<br> <br> Having end-customers/users make the requests would be ideal:<br> <br> Caution-<a href=3D"https://iase.disa.mil/stigs/Pages/contact.aspx"; rel=3D"n= oreferrer" target=3D"_blank">https://iase.disa.mil/<wbr>stigs/Pages/contact= .aspx</a><br> <br> <a href=3D"mailto:[email protected]";>[email protected]</a><br> ______________________________<wbr>_________________<br> scap-security-guide mailing list -- <a href=3D"mailto:scap-security-guide@l= ists.fedorahosted.org">scap-security-guide@lists.<wbr>fedorahosted.org</a><= br> To unsubscribe send an email to <a href=3D"mailto:scap-security-guide-leave= @lists.fedorahosted.org">scap-security-guide-leave@<wbr>lists.fedorahosted.= org</a><br> ______________________________<wbr>_________________<br> scap-security-guide mailing list -- <a href=3D"mailto:scap-security-guide@l= ists.fedorahosted.org">scap-security-guide@lists.<wbr>fedorahosted.org</a><= br> To unsubscribe send an email to <a href=3D"mailto:scap-security-guide-leave= @lists.fedorahosted.org">scap-security-guide-leave@<wbr>lists.fedorahosted.= org</a><br> ______________________________<wbr>_________________<br> scap-security-guide mailing list -- <a href=3D"mailto:scap-security-guide@l= ists.fedorahosted.org">scap-security-guide@lists.<wbr>fedorahosted.org</a><= br> To unsubscribe send an email to <a href=3D"mailto:scap-security-guide-leave= @lists.fedorahosted.org">scap-security-guide-leave@<wbr>lists.fedorahosted.= org</a><br> </div></div></blockquote></div><br><br clear=3D"all"><br>-- <br><div class= =3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><d= iv><div dir=3D"ltr"><div>Trevor Vaughan<br>Vice President, Onyx Point, Inc<= br></div><div>(410) 541-6699 x788<br></div><div><br>-- This account not app= roved for unencrypted proprietary information --</div></div></div></div></d= iv> </div> --94eb2c08b7e4ef108905570c2937-- ------------------------------ Subject: Digest Footer _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] ------------------------------ End of scap-security-guide Digest, Vol 71, Issue 12 ***************************************************
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
