This topics contains:
- Rule exceptions with reasons for their non-compliance and workarounds if any.
Rule exceptions that are "Not a Finding" which means that they do not apply to Security Analytics. RSA has verified that the system meets these requirements.
- Rules to be supported in future release.
Key to Elements in Exception Descriptions
The Common Configuration Enumeration (CCE), assigns unique entries (also called CCE numbers) to configuration guidance statements and configuration controls to improve workflow by facilitating fast and accurate correlation of configuration issues present in disparate domains. In this way, it is similar to other comparable data standards such as the Common Vulnerability and Exposure (CVE®) List (http://cve.mitre.org/cve), which assigns identifiers to publicly known system vulnerabilities. The OpenSCAP report lists exceptions by CCE number.
Vulnerability identification code assigned to exception by the Unified Compliance Framework STIG Viewer (https://www.stigviewer.com/).
Security Technical Implementation Guide (STIG) identification code.
Rule identification code.
NIST 800-53 SP 800-53
National Institute of Standards and Technology (NIST 800-53) Special Publication 800-53 control list (https://www.stigviewer.com/controls/800-53) information provided by the RedHat STIG Viewer.
DISA Control Correlation Identifier (https://www.tenable.com/sc-dashboards/disa-control-correlation-identifier-cci-dashboard).
Describes what the rule checks to identify exceptions to DISA STIG compliance.
Provides insight on why you would receive this exception. This section includes one of the following comments that describes the exception:
- Not a Finding - Exception does not apply to Security Analytics. RSA has verified that the system meets this requirement.
- Customer Responsibility - You are responsible to make sure the system meets this requirement.
- Required Functionality - Security Analytics does not meet this requirement.
- Future Feature - Security Analytics does not meet this requirement. RSA plans to fix this in a future release of Security Analytics.
- Mitigation Steps Required - Lists steps you can take to mitigate the exception.
The following list contains the exceptions you can receive when you run the OpenSCAP report. The ID or Common Configuration Enumeration (CCE) number in the table is the identification number for the exception from the OpenSCAP report.