I agree with @gabe and others. Another option is to possibly give a 'system needs to remediate x controls to reach compliance'.
Rodney
On Aug 28, 2014, at 3:09 PM, Gabe Alford <redhatrises(a)gmail.com> wrote:
Agree about the "The system is not compliant!" text. A lot of our security
people will freak out over it. Maybe either different types of non-compliance messages are
based off of a %, or better non-compliance messages that are not so alarming.
Gabe
> On Thu, Aug 28, 2014 at 12:29 PM, Andrew Gilmore <agilmore2(a)gmail.com> wrote:
> I like the new look and functionality.
>
> Two first blush comments:
> 1) On the report document, I can imagine my security officials freaking out over the in-your-face "The system is not compliant!" text. What is the recommended course to ensure this text does not appear if you're running the scan on a webserver, for example? Is it as simple as creating a custom profile derived from the STIG profile? Does anyone directly use the STIG profile, have a completely compliant system, and have a server that actually does anything useful?
> Up to now, I've left tests in that I have waivers for, and then pointed at the waivers to justify the test failures. Perhaps I will need to change that practice.
>
> 2) On the guide document, the text beginning "Providing system administrators" occurs twice.
>
>
>
>
>> On Thu, Aug 28, 2014 at 11:49 AM, Martin Preisler <mpreisle(a)redhat.com> wrote:
>> Hi,
>>
>> as you may know I have been working on a complete rewrite of HTML report and guide for the upcoming openscap 1.1.0 release. It's a feature that will touch almost every user of openscap. I would like to gather feedback from the scap-security-guide community so that we can make sure there aren't any blocker issues in the release. It is natural that there will be small issues that we will iron out in minor releases. Basically we would just like to make sure the new report and guide aren't missing anything crucial that would prevent adoption.
>>
>> See https://mpreisle.fedorapeople.org/openscap/1.1.0_xslt/ for sample HTML report and guide from SSG for RHEL6.
>>
>> Looking forward to feedback.
>>
>> --
>> Martin Preisler
>> --
>> SCAP Security Guide mailing list
>> scap-security-guide(a)lists.fedorahosted.org
>> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
>> https://github.com/OpenSCAP/scap-security-guide/