To post to this group, send email to scap...@list.nist.gov
To unsubscribe from this group, send email to scap-dev+u...@list.nist.gov
Visit this group at https://list.nist.gov/scap-dev
To unsubscribe from this group and stop receiving emails from it, send an email to scap-dev+u...@list.nist.gov.
"The OpenSCAP Daemon is a service that runs in the background. It makes sure your machines and containers are evaluated according to the schedule you specify. Functionality can be divided into two categories — continuously evaluating machines against a specific policy, and one-off evaluation. Under the hood it uses the NIST-certified oscap tool, but wraps it in an interface which is easier to use."
Now whether that daemon is only performing this SCAP service on and only for a single machine in question, or if that daemon is able to query other devices (or act as a SCAP server?) is not clear to me.
My cursory understanding of SCAP is that when you have various devices on the network, they do not know the extent to which they are updated or patched against known exploits, and perhaps SCAP allows them to pro-actively seek out some authoritative server where they can ascertain their level of patching? And if they are deficient then at least the server knows it? And perhaps the server can hand off the appropriate patches to the device?
On Jan 8, 2021, at 10:48 PM, Tim Horton <peggyg...@gmail.com> wrote: