[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Open-scap] openscap is "in evaluation"

On 03/13/2013 09:43 AM, Steve Grubb wrote:
> This is to announce that openscap is currently "in-evaluation" to be a
> certified scanner:
> http://www.redhat.com/about/news/archive/2013/3/red-hat-openscap-under-evaluation-to-meet-scap-1-2-nist-standard

Having SCAP 1.2 (rather than 1.1) as the target environment is quite
interesting. SCAP 1.2 is a significant departure from prior versions,
and imposes some rather complicated requirements on what had previously
been far simpler inter-document references.

I am unaware of any contemporary commercial implementations (I can't
verify this - the NIST web site has been dysfunctional for several days).

I'd like to extend both my admiration and condolences to those charged
with implementation and compliance assurance at the SCAP 1.2 version level.

I would hope (and expect) that the ability to competently consume SCAP
1.2 content will not adversely affect the exceptional abilities the tool
has thus far exhibited.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]