-
Notifications
You must be signed in to change notification settings - Fork 697
What should go into an FAQ?
-
Why is the SCAP content different between the web site and the RPM shipped in RHEL? (Like the web site stuff could be newer)
-
How does the STIG differ from SSG? (SSG is the upstream for the STIG, so the STIG comes out after approval by DISA so it takes time)
-
Should I use the STIG or SSG SCAP content? (It depends...)
-
Should I use the STIG or SSG SCAP content from Red Hat or from the DISA or SSG web site?
-
Why is the RHEL 5 STIG SCAP content so different? (i.e., poor quality) Will there be SSG content for RHEL 5?
-
Does this work with RHEL derivatives like CentOS and Scientific Linux?
-
Is there SCAP content for PCI, HIPPA, and others? (Glad you asked, patches welcome.)
-
How can I get involved? Is it ok for a government employee to contribute?
-
How do I install a STIG system with using only native tooling?
-
Why are the Vulnerability IDs different for the issue across different STIGs?
-
Blame DISA
-
Where are the STIGs located?
-
iase.disa.mil
-
Is there a tool that correlates STIG Vuln IDs to CCE numbers, Nessus plugins, or XYZ?
-
Dunno.