Description of problem: CIS (Center for Internet Security) benchmark is used by the companies across the world. Having the profile aligned with CIS is a usability feature meant to ease the costs of hardening. Version-Release number of selected component (if applicable): N/A How reproducible: reliably Steps to Reproduce: 1. oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 2. should list CIS profile 3. the profile should be sufficiently complete (not needed to be 100%, but 70% +) Actual results: No profile is shipped Expected results: CIS profile is shipped Additional info: C2S profile is INSPIRED by CIS, but contains deliberate changes, as it's not meant to replace CIS. As such it cannot be used to fulfill this request, but can be updated to be (re)implemented as an extension of CIS profile. To highlight all the differences.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3909
*** Bug 1888915 has been marked as a duplicate of this bug. ***
This bug, and the rpm indicate v2.2.0 However, the following documentation states v3.0.0 for xccdf_org.ssgproject.content_profile_cis https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/scap-security-guide-profiles-supported-in-rhel-7_scanning-the-system-for-configuration-compliance-and-vulnerabilities Which is correct ... or am I understanding versions wrong?
Hi James, the correct version is 2.2.0. I'll get the documentation sorted out, thank you for the comment.