[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Open-scap] openscap is "in evaluation"



On 03/14/2013 03:38 PM, Gary Gapinski wrote:
> On 03/13/2013 09:43 AM, Steve Grubb wrote:
>> This is to announce that openscap is currently "in-evaluation" to be a
>> certified scanner:
>>
>> http://www.redhat.com/about/news/archive/2013/3/red-hat-openscap-under-evaluation-to-meet-scap-1-2-nist-standard
>>
> 
> Having SCAP 1.2 (rather than 1.1) as the target environment is quite
> interesting. SCAP 1.2 is a significant departure from prior versions,
> and imposes some rather complicated requirements on what had previously
> been far simpler inter-document references.
> 
> I am unaware of any contemporary commercial implementations (I can't
> verify this - the NIST web site has been dysfunctional for several days).
> 
> I'd like to extend both my admiration and condolences to those charged
> with implementation and compliance assurance at the SCAP 1.2 version level.
> 
> I would hope (and expect) that the ability to competently consume SCAP
> 1.2 content will not adversely affect the exceptional abilities the tool
> has thus far exhibited.
> 

Many thanks for your kind words.

OpenSCAP supports both standard versions (1.2 and 1.1). Feel free to
consult `man oscap` for details about SCAP 1.2 DataStream implementation.

> Regards,
> 
> Gary
> 

-- 
Simon Lukasik
Security Technologies


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]