Evaluating DISA-STIG for Windows 7 returns only "notchecked"

Question

I've downloaded the DISA_STIG for Windows 7 from https://www.stigviewer.com/stig/windows_7/ (XML version) and tried to evaluate my desktop with OSCAP 1.3.0 for windows, with the command:

oscap xccdf eval --profile MAC-3_Public --results windows7.html disa-stig-windows7.xml

The OSCAP tool didn't complain about the file, but all checks returned the result notchecked with the warning:

Skipping rule that requires an unregistered check system or incorrect content reference to evaluate. Please consider providing a valid SCAP/OVAL instead of _chk` (where check_name is the name of the check within the xccdf file)

What should I do in order to run a successful evaluation?

score 1 · Answer 1 · answered Jan 02 '19 at 11:11

the XML provided in the reference doesn't contain automated checks (e.g.: OVAL), it seems there are only manual checks. Looking at system attributes of check elements, I noted something strange, it seems to be defining an ID for the check, instead of defining the checking system to use, as every rule has a different checking system.

What you need is a benchmark with automated checks.

Evaluating DISA-STIG for Windows 7 returns only "notchecked"

1 Answers1