I suspect it is the 1.2 that may be causing the problems. We can look into it on our end
because we are publishing a Windows benchmark in that format.
-----Original Message-----
From: scap-security-guide-request(a)lists.fedorahosted.org
[mailto:scap-security-guide-request@lists.fedorahosted.org]
Sent: Friday, August 18, 2017 3:31 PM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 12
Send scap-security-guide mailing list submissions to
scap-security-guide(a)lists.fedorahosted.org
To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
scap-security-guide-request(a)lists.fedorahosted.org
You can reach the person managing the list at
scap-security-guide-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of scap-security-guide digest..."
Today's Topics:
1. Re: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10
(Shawn Wells)
2. Re: [Non-DoD Source] Re: oscap output and STIG Viewer
(Trevor Vaughan)
----------------------------------------------------------------------
Date: Fri, 18 Aug 2017 14:56:10 -0400
From: Shawn Wells <shawn(a)redhat.com
Subject:
Re: [Non-DoD Source] scap-security-guide Digest, Vol 71,
Issue 10
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Message-ID:
<EF1596E8-4BEE-45FA-9F27-292F07702663(a)redhat.com
Content-Type: text/plain; charset=us-ascii
Hey Jason,
Thanks for the response! OpenSCAP can generate ARF, OVAL results, XCCDF results in
SCAP 1.2 formats.
Shawn
On Aug 18, 2017, at 1:52 PM, Mackanick, Jason W CIV DISA RE (US)
<jason.w.mackanick.civ(a)mail.mil> wrote:
The DISA STIG Viewer accepts xccdf results files. Is this the format which openscap is
using?
-----Original Message-----
From: scap-security-guide-request(a)lists.fedorahosted.org
[mailto:scap-security-guide-request@lists.fedorahosted.org]
Sent: Friday, August 18, 2017 1:47 PM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: [Non-DoD Source] scap-security-guide Digest, Vol 71, Issue 10
All active links contained in this email were disabled. Please verify the identity of
the sender, and confirm the authenticity of all links contained within the message prior
to copying and pasting the address to a Web browser.
----
Send scap-security-guide mailing list submissions to
scap-security-guide(a)lists.fedorahosted.org
To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
scap-security-guide-request(a)lists.fedorahosted.org
You can reach the person managing the list at
scap-security-guide-owner(a)lists.fedorahosted.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of scap-security-guide digest..."
Today's Topics:
1. Re: oscap output and STIG Viewer (Trevor Vaughan)
2. Re: oscap output and STIG Viewer (Shawn Wells)
3. RE: [Non-DoD Source] Re: oscap output and STIG Viewer
(Paige, David B CTR USARMY ICOE (US))
4. RE: [Non-DoD Source] Re: oscap output and STIG Viewer
(Paige, David B CTR USARMY ICOE (US))
5. RE: [Non-DoD Source] Re: oscap output and STIG Viewer
(Albrecht, Thomas C)
----------------------------------------------------------------------
Date: Fri, 18 Aug 2017 10:20:41 -0400
From: Trevor Vaughan <tvaughan(a)onyxpoint.com
Subject:
Re: oscap output and STIG Viewer
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Message-ID:
<CANs+FoUiDyaAoodJ9mh4Ku8g_cE56bObmqkGUttbvcgmgGdFkQ(a)mail.gmail.com
Content-Type: multipart/alternative;
boundary="001a114e7e887ee173055707d587"
--001a114e7e887ee173055707d587
Content-Type: text/plain; charset="UTF-8"
Please do ask DISA to support the standard SCAP formats if at all possible.
I haven't been able to find any of their internal formats yet I'm trying to
automate the generation of content for them.
This really is not helpful to their user base.
Trevor
> On Thu, Aug 17, 2017 at 9:58 PM, Shawn Wells <shawn(a)redhat.com> wrote:
>
>
>
>> On 8/17/17 1:02 PM, Paige, David B CTR USARMY ICOE (US) wrote:
>> The DISA STIGViewer isn't about to correlate the Redhat STIG with any of
> the items from a Rhel/CentOS xml file created by openscap. This means that
> all of the items must be updated manually.
>>
>> Would it be possible to get the output to be recognized by the DISA
> STIGViewer? I'm not sure what openscap does differently from the SPAWAR
> SCC tool, which can be imported into the STIGViewer.
>>
>> The openscap xml output is also not processed by the vulnerator tool,
> but it will handle the SCC xml files.
>
> OpenSCAP generates SCAP content. STIGViewer (and SCC) built in DISA's
> proprietary extensions/formats.
>
> In theory this would be a matter of applying an XSLT to restructure the
> properly formatted SCAP results into whatever DISA needs.
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.
>
fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@
>
lists.fedorahosted.org
>
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
--001a114e7e887ee173055707d587
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div><div>Please do ask DISA to
support the standard =
SCAP formats if at all possible.<br><br></div>I haven't been
able to fi=
nd any of their internal formats yet I'm trying to automate the generat=
ion of content for them.<br><br></div>This really is not helpful to
their u=
ser base.<br><br></div>Trevor<br></div><div
class=3D"gmail_extra"><br><div =
class=3D"gmail_quote">On Thu, Aug 17, 2017 at 9:58 PM, Shawn Wells <span
di=
r=3D"ltr"><<a href=3D"Caution-mailto:shawn@redhat.com"
target=3D"_blank">shawn@r=
edhat.com</a>></span> wrote:<br><blockquote
class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span
cl=
ass=3D""><br
<br
On
8/17/17 1:02 PM, Paige, David B CTR USARMY ICOE (US) wrote:<br
> The DISA STIGViewer isn't about to correlate
the Redhat STIG with =
any of the items from a Rhel/CentOS xml file created by openscap.=C2=A0 Thi=
s means that all of the items must be updated manually.<br
><br
>
Would it be possible to get the output to be recognized by the DISA ST=
IGViewer?=C2=A0 I'm not sure what openscap does differently from the SP=
AWAR SCC tool, which can be imported into the STIGViewer.<br
><br
>
The openscap xml output is also not processed by the vulnerator tool, =
but it will handle the SCC xml files.<br
<br
</span>OpenSCAP generates SCAP content. STIGViewer (and
SCC) built in DISA&=
#39;s<br
proprietary
extensions/formats.<br
<br
In
theory this would be a matter of applying an XSLT to restructure the<br
properly formatted SCAP results into whatever DISA
needs.<br
<div
class=3D"HOEnZb"><div
class=3D"h5">______________________________<wbr>=
_________________<br
scap-security-guide mailing list --
<a href=3D"Caution-mailto:scap-security-guide@l=
ists.fedorahosted.org">scap-security-guide(a)lists.<wbr>fedorahosted.org</a><=
br
To unsubscribe send an email to <a
href=3D"Caution-mailto:scap-security-guide-leave=
@lists.fedorahosted.org">scap-security-guide-leave(a)<wbr>lists.fedorahosted.=
org</a><br
</div></div></blockquote></div><br><br
clear=3D"all"><br>-- <br><div class=
=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div
dir=3D"ltr"><d=
iv><div dir=3D"ltr"><div>Trevor Vaughan<br>Vice President,
Onyx Point, Inc<=
br></div><div>(410) 541-6699
x788<br></div><div><br>-- This account not app=
roved for unencrypted proprietary information
--</div></div></div></div></d=
iv
</div
--001a114e7e887ee173055707d587--
------------------------------
Date: Fri, 18 Aug 2017 12:12:53 -0400
From: Shawn Wells <shawn(a)redhat.com
Subject:
Re: oscap output and STIG Viewer
To: scap-security-guide(a)lists.fedorahosted.org
Message-ID: <8b800cd7-e1c5-aa39-61b7-471730ba9117(a)redhat.com
Content-Type: text/plain; charset=utf-8
> On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all
> possible.
>
> I haven't been able to find any of their internal formats yet I'm
> trying to automate the generation of content for them.
>
> This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt(a)mail.mil
------------------------------
Date: Fri, 18 Aug 2017 16:18:14 +0000
From: "Paige, David B CTR USARMY ICOE (US)"
<david.b.paige.ctr(a)mail.mil
Subject: RE: [Non-DoD Source] Re:
oscap output and STIG Viewer
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Message-ID:
<6BE43602BC42C149A3F61277E163DC2FC845A054(a)USATHU5D.easf.csd.disa.mil
Content-Type: text/plain; charset="utf-8"
I will drop them a note and see if they have any plans to support the standard SCAP
formats.
-----Original Message-----
From: Shawn Wells [Caution-mailto:shawn@redhat.com]
Sent: Friday, August 18, 2017 9:13 AM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the identity of
the sender, and confirm the authenticity of all links contained within the message prior
to copying and pasting the address to a Web browser.
----
> On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all
> possible.
>
> I haven't been able to find any of their internal formats yet I'm
> trying to automate the generation of content for them.
>
> This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt(a)mail.mil
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
------------------------------
Date: Fri, 18 Aug 2017 17:36:19 +0000
From: "Paige, David B CTR USARMY ICOE (US)"
<david.b.paige.ctr(a)mail.mil
Subject: RE: [Non-DoD Source] Re:
oscap output and STIG Viewer
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Message-ID:
<6BE43602BC42C149A3F61277E163DC2FC845A07C(a)USATHU5D.easf.csd.disa.mil
Content-Type: text/plain; charset="utf-8"
OpenSCAP will not be supported. There is a benchmark in development which will
correspond to the RHEL7 STIG.
-----Original Message-----
From: Shawn Wells [Caution-mailto:shawn@redhat.com]
Sent: Friday, August 18, 2017 9:13 AM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the identity of
the sender, and confirm the authenticity of all links contained within the message prior
to copying and pasting the address to a Web browser.
----
> On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all
> possible.
>
> I haven't been able to find any of their internal formats yet I'm
> trying to automate the generation of content for them.
>
> This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt(a)mail.mil
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
------------------------------
Date: Fri, 18 Aug 2017 17:46:29 +0000
From: "Albrecht, Thomas C" <thomas.c.albrecht(a)lmco.com
Subject: RE: [Non-DoD Source] Re: oscap output and STIG
Viewer
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Message-ID:
<C9A4ECF8605EE84C8635B172500B6DFB02C83791(a)HVXDSP24.us.lmco.com
Content-Type: text/plain; charset="utf-8"
Sadly, this is the response I expected. DISA is not being asked to support OpenSCAP.
They're being asked to comply with SCAP, which, last time I checked, is a standard
published by NIST.
Embrace and extend.
Tom A.
-----Original Message-----
From: Paige, David B CTR USARMY ICOE (US) [Caution-mailto:david.b.paige.ctr@mail.mil]
Sent: Friday, August 18, 2017 1:36 PM
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and
STIG Viewer
OpenSCAP will not be supported. There is a benchmark in development which will
correspond to the RHEL7 STIG.
-----Original Message-----
From: Shawn Wells [Caution-mailto:shawn@redhat.com]
Sent: Friday, August 18, 2017 9:13 AM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the identity of
the sender, and confirm the authenticity of all links contained within the message prior
to copying and pasting the address to a Web browser.
----
> On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all
> possible.
>
> I haven't been able to find any of their internal formats yet I'm
> trying to automate the generation of content for them.
>
> This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt(a)mail.mil
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
------------------------------
Subject: Digest Footer
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
------------------------------
End of scap-security-guide Digest, Vol 71, Issue 10
***************************************************
------------------------------
Date: Fri, 18 Aug 2017 15:30:37 -0400
From: Trevor Vaughan <tvaughan(a)onyxpoint.com
Subject:
Re: [Non-DoD Source] Re: oscap output and STIG Viewer
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Message-ID:
<CANs+FoW4ETsvrmJ6Jt-6UR0DdarO60B042dRfYCoRLoEPNW5rQ(a)mail.gmail.com
Content-Type: multipart/alternative;
boundary="94eb2c08b7e4ef108905570c2937"
--94eb2c08b7e4ef108905570c2937
Content-Type: text/plain; charset="UTF-8"
I don't quite follow.
I thought that the OpenSCAP output was SCAP standard compliant since it's
one of the validated scanners?
I guess I'm missing what they can't support? Is it the Data Streams,
individual files, something else?
Trevor
On Fri, Aug 18, 2017 at 1:46 PM, Albrecht, Thomas C <
thomas.c.albrecht(a)lmco.com> wrote:
Sadly, this is the response I expected. DISA is not being asked to
support OpenSCAP. They're being asked to comply with SCAP, which, last
time I checked, is a standard published by NIST.
Embrace and extend.
Tom A.
-----Original Message-----
From: Paige, David B CTR USARMY ICOE (US) [mailto:david.b.paige.ctr@
mail.mil]
Sent: Friday, August 18, 2017 1:36 PM
To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org
Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and
STIG Viewer
OpenSCAP will not be supported. There is a benchmark in development which
will correspond to the RHEL7 STIG.
-----Original Message-----
From: Shawn Wells [mailto:shawn@redhat.com]
Sent: Friday, August 18, 2017 9:13 AM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: [Non-DoD Source] Re: oscap output and STIG Viewer
All active links contained in this email were disabled. Please verify the
identity of the sender, and confirm the authenticity of all links contained
within the message prior to copying and pasting the address to a Web
browser.
----
On 8/18/17 10:20 AM, Trevor Vaughan wrote:
> Please do ask DISA to support the standard SCAP formats if at all
> possible.
> I haven't been able to find any of their internal
formats yet I'm
> trying to automate the generation of content for them.
> This really is not helpful to their user base.
Having end-customers/users make the requests would be ideal:
Caution-https://iase.disa.mil/stigs/Pages/contact.aspx
disa.stig_spt(a)mail.mil
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.
fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@
lists.fedorahosted.org
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.
fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@
lists.fedorahosted.org
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.
fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@
lists.fedorahosted.org
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
--94eb2c08b7e4ef108905570c2937
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div><div>I don't quite
follow.<br><br></div>I th=
ought that the OpenSCAP output was SCAP standard compliant since it's o=
ne of the validated scanners?<br><br></div>I guess I'm missing
what the=
y can't support? Is it the Data Streams, individual files, something el=
se?<br><br></div>Trevor<br></div><div
class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Fri, Aug 18, 2017 at 1:46 PM, Albrecht, Thomas C <span
=
dir=3D"ltr"><<a
href=3D"mailto:thomas.c.albrecht@lmco.com" target=3D"_bl=
ank">thomas.c.albrecht(a)lmco.com</a>&gt;</span>
wrote:<br><blockquote class=
=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc
solid;padd=
ing-left:1ex">Sadly, this is the response I expected.=C2=A0 DISA is not bei=
ng asked to support OpenSCAP.=C2=A0 They're being asked to comply with =
SCAP, which, last time I checked, is a standard published by NIST.<br
<br
Embrace and extend.<br
<br
Tom A.<br
<div class=3D"HOEnZb"><div
class=3D"h5"><br
-----Original Message-----<br
From: Paige, David B CTR USARMY ICOE (US) [mailto:<a
href=3D"mailto:david.b=
.paige.ctr@mail.mil">david.b.paige.ctr(a)<wbr>mail.mil</a>]<br
Sent: Friday, August 18, 2017 1:36 PM<br
To: SCAP Security Guide <<a
href=3D"mailto:scap-security-guide@lists.fed=
orahosted.org">scap-security-guide(a)lists.<wbr>fedorahosted.org</a>&gt;<br
Subject: EXTERNAL: RE: [Non-DoD Source] Re: oscap output and
STIG Viewer<br=
<br
OpenSCAP will not be
supported.=C2=A0 There is a benchmark in development w=
hich will correspond to the RHEL7 STIG.<br
<br
-----Original Message-----<br
From: Shawn Wells [mailto:<a
href=3D"mailto:shawn@redhat.com">shawn@redhat.=
com</a>]<br
Sent: Friday, August 18, 2017 9:13
AM<br
To: <a
href=3D"mailto:scap-security-guide@lists.fedorahosted.org">scap-secu=
rity-guide(a)lists.<wbr>fedorahosted.org</a><br
Subject:
[Non-DoD Source] Re: oscap output and STIG Viewer<br
<br
All active links contained in this
email were disabled.=C2=A0 Please verify=
the identity of the sender, and confirm the authenticity of all links cont=
ained within the message prior to copying and pasting the address to a Web =
browser.<br
<br
<br
<br
<br
----<br
<br
<br
<br
On 8/18/17 10:20 AM, Trevor Vaughan
wrote:<br
> Please do ask DISA to
support the standard SCAP formats if at all<br
>
possible.<br
><br
> I haven't been able to find any of their
internal formats yet I=
9;m<br
> trying to automate the
generation of content for them.<br
><br
> This really is not helpful
to their user base.<br
<br
Having
end-customers/users make the requests would be ideal:<br
<br
Caution-<a
href=3D"https://iase.disa.mil/stigs/Pages/contact.aspx" rel=3D"n=
oreferrer"
target=3D"_blank">https://iase.disa.mil/<wbr>stigs/Pag...
.aspx</a><br
<br
<a
href=3D"mailto:disa.stig_spt@mail.mil">disa.stig_spt@mail.mil</a><br
______________________________<wbr>_________________<br
scap-security-guide mailing list -- <a
href=3D"mailto:scap-security-guide@l=
ists.fedorahosted.org">scap-security-guide(a)lists.<wbr>fedorahosted.org</a><=
br
To unsubscribe send an email to <a
href=3D"mailto:scap-security-guide-leave=
@lists.fedorahosted.org">scap-security-guide-leave(a)<wbr>lists.fedorahosted.=
org</a><br
______________________________<wbr>_________________<br
scap-security-guide mailing list -- <a
href=3D"mailto:scap-security-guide@l=
ists.fedorahosted.org">scap-security-guide(a)lists.<wbr>fedorahosted.org</a><=
br
To unsubscribe send an email to <a
href=3D"mailto:scap-security-guide-leave=
@lists.fedorahosted.org">scap-security-guide-leave(a)<wbr>lists.fedorahosted.=
org</a><br
______________________________<wbr>_________________<br
scap-security-guide mailing list -- <a
href=3D"mailto:scap-security-guide@l=
ists.fedorahosted.org">scap-security-guide(a)lists.<wbr>fedorahosted.org</a><=
br
To unsubscribe send an email to <a
href=3D"mailto:scap-security-guide-leave=
@lists.fedorahosted.org">scap-security-guide-leave(a)<wbr>lists.fedorahosted.=
org</a><br
</div></div></blockquote></div><br><br
clear=3D"all"><br>-- <br><div class=
=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div
dir=3D"ltr"><d=
iv><div dir=3D"ltr"><div>Trevor Vaughan<br>Vice President,
Onyx Point, Inc<=
br></div><div>(410) 541-6699
x788<br></div><div><br>-- This account not app=
roved for unencrypted proprietary information
--</div></div></div></div></d=
iv
</div
--94eb2c08b7e4ef108905570c2937--
------------------------------
Subject: Digest Footer
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
------------------------------
End of scap-security-guide Digest, Vol 71, Issue 12
***************************************************