Description of problem:
RHEL-8 does not contain DISA STIG profile separately.
# oscap info --profiles ssg-rhel8-ds.xml
xccdf_org.ssgproject.content_profile_ospp:Protection Profile for General Purpose Operating Systems
xccdf_org.ssgproject.content_profile_pci-dss:PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux
But some rules in ssg-rhel8-ds.xml are written with DISA STIG in mind example:
a. Being said, DISA STIG is more of a derivative of the OSPP profile, Can customer's use OSPP for hardening systems for DISA-STIG standards?
b. if ospp is being worked on to make DISA STIG complaint
-> In which RHEL version, scap-security-guide version(Current version:0.1.46-1.el8) OSPP profile will contain all rules defined by DISA STIG standards?
c. Or Can we say current scap-security-guide(scap-security-guide-0.1.42-11.el8.noarch.rpm) is fully DISA STIG complaint, If customers harden their system with ospp, their systems are DISA STIG complaint?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
RHEL-8 should contain a DISA-STIG complaint profile
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.