SCAP Scans: 1 to 2

Published: Jan 10, 2023 by Skyland Staff

Introduction

After performing a Security Content Automation Protocol (SCAP) scan using the SCAP Compliance Checker (SCC), it’s important to understand how to interpret and analyze the results. In this article, we’ll provide an overview of how to read the scan results and take appropriate action to address any non-compliant items.

Step 1: Accessing the Scan Results

  1. Once the SCAP scan is complete, open the SCC application.
  2. Click on “View Results” in the SCC home window.

Step 2: Understand the Reports

The SCC application generates two main reports:

All Settings Report

The All Settings report provides an overview of all the security settings checked during the scan, their current status, and their compliance status.

Non-Compliance Report

The Non-Compliance report lists all the security settings that failed to meet the compliance requirements. This report helps you focus on the items that need immediate attention.

Step 3: Review the Non-Compliance Report

  1. In the “Reports” section, double-click the “Non-Compliance” report to open it.
  2. Review each non-compliant item, noting its ID, title, and description.
  3. The report provides details on the severity of each finding, which can be classified as low, medium, or high. Prioritize addressing high-severity findings first, as they pose the greatest risk to your system.

Step 4: Analyze and Address Non-Compliant Items

For each non-compliant item, consider the following steps:

  1. Understand the issue: Carefully read the description and any provided reference materials to understand the implications of the non-compliant setting.
  2. Determine the appropriate action: Decide whether to remediate the issue or accept the risk. In some cases, you may determine that the non-compliant setting is necessary for your environment or that the risk is acceptable.
  3. Remediate the issue: If you decide to remediate the issue, research and implement the necessary changes to your system to bring it into compliance. This may involve modifying configuration files, updating software, or changing system settings.
  4. Document the changes: Maintain a record of the changes you make to your system, including the date, the person responsible, and the reason for the change. This documentation can be useful for troubleshooting, audits, and future system maintenance.

Step 5: Re-Scan Your System

After addressing non-compliant items, perform another SCAP scan using the SCC application to verify that your changes have brought your system into compliance. Continue to review and remediate non-compliant items until your system meets your desired level of compliance.
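The severity prioritization in Step 3 and the re-scan verification in Step 5 can also be scripted. The Python below is an added example, not part of the original article or of SCC itself; it assumes the scan results were exported as XCCDF 1.2 XML, and the function names, rule IDs and sample data are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: results are XCCDF 1.2 XML (rule-result elements in this namespace).
NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def failed_rules(xccdf_xml):
    """Return {rule_id: severity} for every rule-result whose result is 'fail'."""
    root = ET.fromstring(xccdf_xml)
    failures = {}
    for rr in root.iterfind(".//x:rule-result", NS):
        if rr.findtext("x:result", default="", namespaces=NS).strip() == "fail":
            failures[rr.get("idref")] = rr.get("severity", "unknown")
    return failures

def prioritize(failures):
    """Sort findings high -> medium -> low; unrecognized severities go last."""
    return sorted(failures.items(),
                  key=lambda kv: (SEVERITY_ORDER.get(kv[1], 3), kv[0]))

def compare_scans(before_xml, after_xml):
    """Classify findings after a re-scan: fixed, still failing, newly failing."""
    before, after = failed_rules(before_xml), failed_rules(after_xml)
    return {
        "fixed": sorted(set(before) - set(after)),
        "still_failing": prioritize({r: s for r, s in after.items() if r in before}),
        "new": prioritize({r: s for r, s in after.items() if r not in before}),
    }

def _sample(results):
    """Build a constructed XCCDF results document from (id, severity, result)."""
    rows = "".join(
        f'<rule-result idref="{rid}" severity="{sev}"><result>{res}</result>'
        f'</rule-result>' for rid, sev, res in results)
    return (f'<Benchmark xmlns="{NS["x"]}"><TestResult id="constructed">'
            f'{rows}</TestResult></Benchmark>')

# Constructed sample scans: first scan, then the re-scan after remediation.
BEFORE = _sample([("rule_a", "low", "fail"), ("rule_b", "high", "fail"),
                  ("rule_c", "medium", "fail"), ("rule_d", "high", "pass")])
AFTER = _sample([("rule_a", "low", "fail"), ("rule_b", "high", "pass"),
                 ("rule_c", "medium", "fail"), ("rule_d", "high", "fail")])

if __name__ == "__main__":
    print("Work queue:", prioritize(failed_rules(BEFORE)))
    for status, items in compare_scans(BEFORE, AFTER).items():
        print(status, items)
```

The "new" bucket matters as much as "fixed": a rule that passed in the first scan and fails in the re-scan points to a remediation change that affected another setting.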

Conclusion

Interpreting and analyzing SCAP scan results is a crucial step in maintaining the security posture of your Linux system. By understanding the scan results and taking appropriate action, you can ensure that your system is compliant with the relevant Security Technical Implementation Guides (STIGs) and minimize the risk of security vulnerabilities.
