Beginning with the January 2018 Quarterly Release, DISA will publish updated benchmarks using the Security Content Automation Protocol (SCAP), version 1.2. Migration to the SCAP 1.2 standard started with the recent release of the Windows Server 2016 Benchmark and will continue with the forthcoming release of the Red Hat Enterprise Linux 7 Benchmark.
SCAP 1.2 introduces new capabilities for automated assessments through its updated component languages, providing more flexibility in developing new content. Some of these capabilities, listed below, may be utilized in future DISA Benchmark updates or new releases.
DISA continues validation testing of SCAP 1.2 content with recent versions of HBSS/ePO/Policy Auditor, SPAWAR SCC, and ACAS. Though the content will be published as a ZIP file, ePO requires that the contents of the ZIP be extracted and then imported, rather than the ZIP file itself.
As SCAP 1.2 releases of benchmarks are posted, previous SCAP 1.1 releases will be removed from IASE. To prepare for SCAP 1.2 content, please ensure your organization is using the current STIG tools and automation content available from IASE.