Hello Patrick. I noticed this in your logs:
2019/08/08 15:14:14 ScapLib I  Processing SCAP file (C:/Program Files/BMC Software/Client Management/Client/data/ScapInventory/jobs/1000/package/U_MS_Windows_10_STIG_V1R18_Manual-xccdf.xml)
I pulled down the same STIG and noticed it will only validate with CONFIGURATION as the use case, vs VULNERABILITY_XCCDF_OVAL.
Are you running the STIG with appropriate permissions? Any reason you're not using the V1R15 benchmark instead of the STIG?
I can confirm the V1R15 STIG benchmark is working correctly with the necessary MAC profile settings, where as the V1R18 STIG is showing Not Compliant on test devices and Not Scanned under SCAP rules.
Thank you CJ for responding to Patrick... You both are customers I have worked with and so glad you were able to assist with your expert and very knowledgeable experience with the Compliance SCAP section. Feel free to offer up solutions like you did here... Make me very proud!
Actually, I may need to take a lesson or two from you CJ now that you have been in there a while.
Patrick, I forgot to add this piece until after I made my first reply. Just as a reminder and hopeful benefit for other's future use:
Benchmarks are used in conjunction with SCAP tools. I.E. BCM, DISA's SCAP Tool, ACAS/NESSUS/TENABLE scanners. When loaded correctly you will get a compliance score as the tool's directly reference the STIG items for comparison.
STIGs (like your Manual-xccdf) are used as visual references with STIG checklists or viewers only and do not interface with SCAP tools like mentioned above. You CAN load them into CM as you see, but you will never receive a score as the systems aren't checked against the items for compliance.
Always a pleasure Steve, learned it all from you young'n!
I cant validate any benchmark packages that I currently have which are fairly old.
How does it validate the package? Does it reach out to some site for validation or is the process internal to the Master server?
Ill download the latest benchmarks and try those. Stay tuned. Thanks for the help.