[Open-scap] NIST 800-53 identifiers
Simon Lukasik
slukasik at redhat.com
Sat Aug 30 12:39:45 UTC 2014
I am revisiting old e-mail thread, just to connect the dots.
I believe that this request has been recently implemented by Martin in
https://git.fedorahosted.org/cgit/openscap.git/commit/?id=d91cd1ce997bf0fd08e511695439528aa60c9491
Thanks Martin!
On 03/12/2014 02:45 AM, Shawn Wells wrote:
> On 3/11/14, 6:15 PM, Kordell, Luke T wrote:
>> Hello,
>>
>> I noticed that the majority of the rule definitions now have
>> NIST 800-53 identifiers or an empty set of quotes where an identifier
>> will be added. Is there a way to get the already-added identifiers to
>> show-up on the .html scan results? At the moment all I can see is the
>> CCE number.
>>
>> Thanks,
>>
>> Luke K
>
> (cross posting to open-scap-list since this is of interest to both
> communities, and the OpenSCAP guys are in the position to affect change)
>
> This comes up frequently. From a content perspective the NIST 800-53
> (+STIG) identifiers are handled in the <ref> tags. It's a matter of
> having the tool (e.g. OpenSCAP) place them into the results file. I
> recall a thread about this, however couldn't easily find it.
>
> So, for the OpenSCAP guys: within SSG we utilize the <ref> tag to map
> additional policy regimes to XCCDF rules. Is there a way to get this
> information exposed within result files?
>
--
Simon Lukasik
Security Technologies, Red Hat, Inc.
More information about the Open-scap-list
mailing list