[Open-scap] OpenSCAP Evaluation Report summary

Martin Preisler mpreisle at redhat.com
Mon Jul 17 21:21:06 UTC 2017


It uses the XCCDF scoring model. tl;dr: it is a weighted average,
rules that are more severe contribute more to the result. You can also
use the flat scoring model to get a non-weighted percentage.

Check out page 63 of
http://csrc.nist.gov/publications/nistir/ir7275-rev4/nistir-7275r4_updated-march-2012_clean.pdf
for more details about this.

On Mon, Jul 17, 2017 at 3:36 PM, Greg Silverman (CS)
<Greg.Silverman at veritas.com> wrote:
> The numbers in the Compliance and Scoring section of the html file do not
> add up.
>
> Details:
>
> Using the STIG for Red Hat Enterprise Linux 7 Server (227) profile.
> Using RHEL 7.3.
> Rule Results: 112 passed, 103 failed, 10 other
> Score 64.56% passed.
>
> So, 112 passed + 103 failed = 225 evaluated. But, 112/225 = 50% passed. Why
> does the scanner give a score of 64.56%? Is it a weighted average? What is
> the formula?
>
> Thanks,
>
> Greg Silverman
> Veritas Technologies
> Mountain View, CA
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list



-- 
Martin Preisler
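Worked example of the two models named in the reply above, added here and not code from OpenSCAP or from anyone in the thread. It implements the XCCDF 1.2 default and flat scoring rules as I read them (pass and fixed score 100, other checked results 0, notapplicable/notchecked/notselected/informational excluded, weights from the rule's @weight attribute with 1.0 as the default) over a constructed benchmark whose rule ids, weights and results are made up.

```python
from collections import namedtuple

# Rule/Group weight is the XCCDF @weight attribute (1.0 when unset).
Rule = namedtuple("Rule", "id result weight", defaults=[1.0])
Group = namedtuple("Group", "id children weight", defaults=[1.0])
# These results carry no score and are excluded from every model.
UNSCORED = {"notapplicable", "notchecked", "notselected", "informational"}
PASSING = {"pass", "fixed"}   # every other scored result (fail, error, ...) is 0

def default_score(item):
    """urn:xccdf:scoring:default: weighted average, recursive over groups.
    Returns (score, scored-rule count); a subtree with count 0 (e.g. all
    notapplicable) is ignored by its parent instead of pulling it down."""
    if isinstance(item, Rule):
        if item.result in UNSCORED:
            return 0.0, 0
        return (100.0 if item.result in PASSING else 0.0), 1
    total, weights, count = 0.0, 0.0, 0
    for child in item.children:
        score, n = default_score(child)
        if n:                          # skip children that scored nothing
            total += child.weight * score
            weights += child.weight
            count += n
    return (total / weights if weights else 0.0), count

def flat_score(item, unweighted=False):
    """urn:xccdf:scoring:flat (flat-unweighted if unweighted=True):
    passing weight over applicable weight as a percentage, no groups."""
    earned = possible = 0.0
    stack = [item]                     # walk the tree without recursion
    while stack:
        node = stack.pop()
        if isinstance(node, Group):
            stack.extend(node.children)
        elif node.result not in UNSCORED:
            w = 1.0 if unweighted else node.weight
            possible += w
            earned += w if node.result in PASSING else 0.0
    return 100.0 * earned / possible if possible else 0.0

# Constructed benchmark; weights chosen so the three models diverge.
BENCHMARK = Group("bench", [
    Group("auth", [Rule("pwquality", "pass", 10.0),
                   Rule("lockout", "fail", 10.0),
                   Rule("banner", "fail")]),
    Group("audit", [Rule("auditd", "pass", 10.0),
                    Rule("login_rules", "pass"),
                    Rule("sssd", "notapplicable", 10.0)]),
])
```

For this benchmark `default_score(BENCHMARK)` gives about 73.81 over 5 scored rules, `flat_score(BENCHMARK)` gives 65.625 and the unweighted variant 60.0, all from the same pass/fail results. That spread is the kind of gap between "passed/evaluated" and the reported score that the question above asks about.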