There are still many questions around using SCAP, such as the SCAP for
CVE scanning thread a few days ago.
To begin documenting FAQs -- both for the OpenSCAP/SSG pages, and formal
Red Hat documentation -- I've started to document common questions here:
https://github.com/OpenSCAP/scap-security-guide/wiki/What-should-go-into-...
What other topics/questions should be covered? Feel free to edit the
wiki directly or reply to the list! This feedback will be driven into
our wikis/manuals, and formal docs off
redhat.com.
Don't limit to use SSG.... broader questions on how to store SCAP data,
using OpenSCAP, how policy is developed all make sense!