Re: VMs, containers vs. bare-metal machines in SSG

20 Oct 2016


      ----- Original Message -----
...
From: "Leland J Sr CTR DISA DD Steinke (US)" leland.j.steinke.ctr@mail.mil
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Thursday, October 20, 2016 2:50:54 PM
Subject: RE: VMs, containers vs. bare-metal machines in SSG
Have you considered the CPE Applicability Language (NISTIR 7698)?  It
facilitates this without overloading CPE IDs.
Yeah, we'd use CPE applicability - a CPE name and its CPE OVAL definition.
That will get us the best compatibility with various SCAP scanners out there.
What I meant by "fake" is that docker or vm-storage are not architectures,
they are not even OSes, they don't fit well in the CPE ID schemes.
-- 
Martin Preisler
Identity Management and Platform Security | Red Hat, Inc.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: VMs, containers vs. bare-metal machines in SSG