Hi all, I noticed something strange in the information we have about the STIG Profiles. The problem is that what we internally refer as "Stig ID" is actually the STIG Rule "Version", it seems like "RHEL-7-01010101", meanwhile, we just ignore the real id of the STIG Rule that seems like "SV-86473r2_rule".
When SSG is built, this id (version actually) is output as a Rule reference, for example: "<reference href="http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx";>RHEL-07-010010</reference>" Although this "Version" is different for each Rule, it does not change when there is new revision, meaning that we are not able to tell which revision of a rule we are evaluating based on this field, on the other hand, the real id gets incremented when there is a new revision for that rule, for example "SV-86473r2_rule" becomes "SV-86473r3_rule". I'm currently trying to enable OpenSCAP to output the result of a scanning in a way the STIG Viewer is able to read it and populate a checklist, but it only understands the real id. Unfortunatelly, there is no place, except for comments, where I can get this id. A workaround for my development is to create another tag (probably a reference) in the Rule with the actual STIG id, but I'd like to hear from you if someone know the story behind this before I move on. Thanks Wesley _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
