

Product Name: CIS-CAT Pro Assessor

Product Version:

Date:

Problem

A false vulnerability is being reported in a CIS-CAT Pro Assessor vulnerability assessment. This appears to be an error in the content.

Solution

CIS-CAT Pro Assessor CLI is designed primarily to assess CIS Benchmark configuration recommendations. However, it can also assess SCAP and CIS OVAL content.

For Windows vulnerability reports, the OVAL files used in the assessment are downloaded from the OVAL Repository. While CIS operates the OVAL Repository and performs a certain degree of QA on the content that is submitted, CIS QA does not validate the check logic embodied by that content.
Therefore, the instructions embodied by the OVAL content can be incorrect. To best address such issues, the creator of the content should be tasked to review and fix the content. A GitHub issue can be created in the OVAL Repository for this purpose; it should include the exact OVAL definition identifier and be labeled as a "bug" or "question".
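The paragraph above asks for the exact OVAL definition identifier when filing an issue. The following is an added example, not code from this page or from CIS, that pulls the definition identifier, definition version and title out of a standard OVAL results document and formats the line a reporter would paste into the issue. The definition version is included because repository content is revised over time and the maintainer needs to know which revision produced the result. The sample XML, its identifiers and titles are constructed; the namespaces are the standard OVAL 5 results and definitions namespaces.

```python
import xml.etree.ElementTree as ET

# Standard OVAL 5 namespaces for results and definitions documents.
OVAL_NS = {
    "r": "http://oval.mitre.org/XMLSchema/oval-results-5",
    "d": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}

# Constructed sample: a minimal OVAL results document that embeds the
# definitions it evaluated, as real results files do. Ids/titles are invented.
SAMPLE_RESULTS = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:org.example:def:1" version="3" class="vulnerability">
        <metadata><title>Example application vulnerability A</title></metadata>
      </definition>
      <definition id="oval:org.example:def:2" version="1" class="vulnerability">
        <metadata><title>Example application vulnerability B</title></metadata>
      </definition>
      <definition id="oval:org.example:def:3" version="2" class="vulnerability">
        <metadata><title>Example application vulnerability C</title></metadata>
      </definition>
    </definitions>
  </oval_definitions>
  <results>
    <system>
      <definitions>
        <definition definition_id="oval:org.example:def:1" version="3" result="true"/>
        <definition definition_id="oval:org.example:def:2" version="1" result="false"/>
        <definition definition_id="oval:org.example:def:3" version="2" result="error"/>
      </definitions>
    </system>
  </results>
</oval_results>
"""


def definition_titles(root):
    """Map definition id -> title, read from the definitions embedded in the results."""
    titles = {}
    for d in root.iterfind(".//d:definition", OVAL_NS):
        title = d.find("d:metadata/d:title", OVAL_NS)
        titles[d.get("id")] = (title.text or "").strip() if title is not None else ""
    return titles


def definition_results(xml_text):
    """Return one dict per evaluated definition: id, version, result and title."""
    root = ET.fromstring(xml_text)
    titles = definition_titles(root)
    entries = []
    for r in root.iterfind("r:results/r:system/r:definitions/r:definition", OVAL_NS):
        def_id = r.get("definition_id")
        entries.append({
            "definition_id": def_id,
            "version": r.get("version", ""),
            "result": r.get("result", ""),
            "title": titles.get(def_id, ""),
        })
    return entries


def needs_review(entries):
    """Keep results that are not a clean 'false': true, error, unknown, not evaluated."""
    return [e for e in entries if e["result"] != "false"]


def issue_line(entry):
    """One line naming exactly what was evaluated, suitable for a repository issue."""
    return (f'{entry["definition_id"]} (definition version {entry["version"]}) '
            f'evaluated {entry["result"]}: {entry["title"]}')


if __name__ == "__main__":
    for entry in needs_review(definition_results(SAMPLE_RESULTS)):
        print(issue_line(entry))
```

Run against a real results file by replacing SAMPLE_RESULTS with the file's contents; the output lines identify which definitions (and which revisions of them) to cite when asking the content's maintainers to review the check logic.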

Because this content is produced by the OVAL Community, its compatibility with and support in CIS-CAT differ from the CIS Benchmarks, which are built and updated specifically to run in CIS-CAT Pro Assessor.

Similarly, the Red Hat, SUSE and Ubuntu Linux vulnerability content is generated by the respective community or, in the case of SLES, by Novell.

If the assessment contains false positives, the cause is more likely an issue with the community-generated OVAL content than with the CIS-CAT tool's ability to assess that content, and questions should be directed to the appropriate community.


Copyright © 2020

Center for Internet Security®
