feature to override relevance check #1983
Comments
|
The scanner itself does not define applicability of rules in XCCDF. The content itself contains all applicability checks, and easily amendable (one can either remove platforms conditions from rules, or change the OVALs on which these platforms are based). Usually it is only required to change the platform check of the Benchmark. |
|
correct, but overrides are sometimes necessary and editing scap content is cumbersome (ive certainly done it.) A few conditions ive encountered where an override may be beneficial are embedded vendors that offer a repackaged Ubuntu or Redhat, or Redhat Enterprise Linux 9 which only has a draft stig. in the latter case its preferable to audit on the RHEL 8 baseline but harden to the draft OVAL during installation on kickstart. hacking into the scaps also reduces confidence from the control assessor during ATO and worst case can lead to a ton of POAM work to justify why we deviate from the upstream on SIPRNet. |
Description of Problem:
in the SCC Scanner developed by NIWC there is a feature to "override" relevance/applicability in the OVAL for a specific OS and just run the OVAL anyway. Can this feature be implemented in oscap?
The text was updated successfully, but these errors were encountered: