For SSH (and other configurations), we want to preserve the ability to not flag
non-compliance if the default (unspecified) is compliant. It reduces costs, which makes
for a more compelling (less uncompelling?) argument for C&A activities.
The wording of this is rough and definitely not final. After all the other checks and
profile inclusion
adjustments are complete, and when we get to copy editing, it will undoubtedly be
improved.
Jeffrey Blank (1):
added new macro for SSH checks (rough wording for now), and used it
RHEL6/input/services/ssh.xml | 15 +++++++++++++++
RHEL6/transforms/shorthand2xccdf.xslt | 21 ++++++++++++++++++++-
2 files changed, 35 insertions(+), 1 deletions(-)