Forum Discussion

Ryan Means's avatar
Ryan Means
Copper Contributor
May 17, 2021

Baselines in SCAP/Nessus audit format

Are the latest Windows 10 baselines available in a format that can be ingested by Nessus for compliance checking? SCAP? I know these used to be available from Nessus directly but have since been remov...
FLeven's avatar
FLeven
Copper Contributor
Jan 19, 2022
What about publishing the baselines in DSC format, would speed up proof reading and versioning ?
AaronMargosis_Tanium's avatar
AaronMargosis_Tanium
Iron Contributor
Jan 19, 2022

FLeven - IIRC the last time I looked into it (a couple of years ago), DSC could not reliably handle Advanced Auditing settings nor most Security Options (esp. the items persisted in inaccessible areas of the registry and/or in undocumented formats).

Implementations I've seen in the past had bugs and/or took dependencies on US-English. 

That said, that might have been addressed in the interim.

  • FLeven's avatar
    FLeven
    Copper Contributor
    Jan 20, 2022

    I know, take a look at the policy analyzer, regarding US-dependent.

    What would be the official way to do automated reporting on "security" compliance based on GPO's to ensure an environment stays perfectly as it was designed, to not loose any kind of certification I went through ?
    I went for a time with pester tests (16K items plus incl. baselines + custom), DSC at least would combine configuration/reporting and offer a SQL-Database to work with.

Resources