What should go into an FAQ?

Shawn Wells edited this page Mar 25, 2015 · 3 revisions
  • Why is the SCAP content different between the web site and the RPM shipped in RHEL? (For example, the web site content could be newer.)

  • How does the STIG differ from SSG? (SSG is the upstream for the STIG; the STIG comes out only after approval by DISA, so it takes time.)

  • Should I use the STIG or SSG SCAP content? (It depends...)

  • Should I use the STIG or SSG SCAP content from Red Hat or from the DISA or SSG web site?

  • Why is the RHEL 5 STIG SCAP content so different? (i.e., poor quality) Will there be SSG content for RHEL 5?

  • Does this work with RHEL derivatives like CentOS and Scientific Linux?

  • Is there SCAP content for PCI, HIPAA, and others? (Glad you asked, patches welcome.)

  • How can I get involved? Is it ok for a government employee to contribute?

  • How do I install a STIG system using only native tooling?

  • Why are the Vulnerability IDs different for the same issue across different STIGs?

      • Blame DISA

  • Where are the STIGs located?

      • iase.disa.mil

  • Is there a tool that correlates STIG Vuln IDs to CCE numbers, Nessus plugins, or XYZ?

      • Dunno.