[Open-scap] NIST 800-53 identifiers
Simon Lukasik
slukasik at redhat.com
Sun Aug 31 11:24:50 UTC 2014
On 08/30/2014 11:00 PM, david.oliva at verizon.net wrote:
> Hi Simon and all:
> Maybe this helps.
> The machine-readable CCE-to-SP800-53 mappings for RHEL5 can be
> downloaded from
> http://usgcb.nist.gov/usgcb/rhel/download_rhel5.html
> So I imagine that getting the mappings to show in the OpenSCAP XCCDF
> output would take only a little tweaking of the software.
> David Oliva
Hello David,
Thanks for the suggestion. It wouldn't be that easy though.
I am afraid that these mappings apply only for RHEL5. And for RHEL6 you
would need different mapping file. That means the solution needs to be
generic. We would probably need to supply the mappings file during the
report generation.
Is there a similar mappings file for RHEL6? I believe that
scap-security-guide started to include these mappings directly to XCCDF.
Best regards,
--
Simon Lukasik
Security Technologies, Red Hat, Inc.
More information about the Open-scap-list
mailing list