1 Reply Latest reply on Mar 9, 2015 8:31 AM by Dheeraj Sah

    More Information on SCAP Content

    Cody Dean

      Good Morning,

      I have been messing around with SCAP for a few weeks now and I had some questions, the documentation for SCAP in BSA seemed lacking.


      We get our SCAP content from NVD - Repository and https://benchmarks.cisecurity.org/ - does anyone know any other sources for reliable SCAP content?


      Second, I have read the design specs for comparisons between SCAP 1.0 and 1.2 but I have yet to run across any SCAP 1.2 content (at least none that would properly import).  The CIS benchmark bundles have quite a few benchmarks that are single .xml files (no oval, xccdf or cpe files) - so I was assuming these were the 1.2 content but they throw "Data-stream-collecting tag is missing in SCAP Data Stream Collection file".  How do you tell SCAP 1.0 vs 1.2 and why would there be 1.0 content that are only .xml in the CIS bundle?


      Anyone know of an additional resources with information regarding utilizing SCAP in BSA?  Is anyone using SCAP on a regular basis and care to share some tips?


      Thank You,