Re: [Open-scap] OpenSCAP Evaluation Report summary
It uses the XCCDF scoring model. tl;dr: it is a weighted average, rules that are more severe contribute more to the result. You can also use the flat scoring model to get a non weighted percentage. Check out page 63 of
[Open-scap] OpenSCAP Evaluation Report summary
The numbers in the Compliance and Scoring section of the html file do not add up. Details: * Using the STIG for Red Hat Enterprise Linux 7 Server (227) profile. * Using RHEL 7.3. * Rule Results: 112 passed, 103 failed, 10 other * Score 64.56% passed. So, 112 passed + 103 failed