[Open-scap] openscap is "in evaluation"
Gary Gapinski
gapinski at nasa.gov
Thu Mar 14 14:38:20 UTC 2013
On 03/13/2013 09:43 AM, Steve Grubb wrote:
> This is to announce that openscap is currently "in-evaluation" to be a
> certified scanner:
>
> http://www.redhat.com/about/news/archive/2013/3/red-hat-openscap-under-evaluation-to-meet-scap-1-2-nist-standard
>
Having SCAP 1.2 (rather than 1.1) as the target environment is quite
interesting. SCAP 1.2 is a significant departure from prior versions,
and imposes some rather complicated requirements on what had previously
been far simpler inter-document references.
I am unaware of any contemporary commercial implementations (I can't
verify this - the NIST web site has been dysfunctional for several days).
I'd like to extend both my admiration and condolences to those charged
with implementation and compliance assurance at the SCAP 1.2 version level.
I would hope (and expect) that the ability to competently consume SCAP
1.2 content will not adversely affect the exceptional abilities the tool
has thus far exhibited.
Regards,
Gary
More information about the Open-scap-list
mailing list