cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Baselines in SCAP/Nessus audit format

Ryan Means
Copper Contributor

‎May 16 2021 09:44 PM

‎May 16 2021 09:44 PM

Baselines in SCAP/Nessus audit format

Are the latest Windows 10 baselines available in a format that can be ingested by Nessus for compliance checking? SCAP? I know these used to be available from Nessus directly but have since been removed.
2,072 Views
1 Like
7 Replies
Reply
7 Replies
Rick_Munck

‎May 24 2021 04:50 AM

‎May 24 2021 04:50 AM

Re: Baselines in SCAP/Nessus audit format

@Ryan Means not at this time.  We are evaluating the possibility of something in the future but still in the information gathering stage.

1 Like
Reply
FLeven

‎Jan 19 2022 02:11 AM

‎Jan 19 2022 02:11 AM

Re: Baselines in SCAP/Nessus audit format

What about publishing the baselines in DSC format, would speed up proof reading and versioning ?
0 Likes
Reply
Rick_Munck

‎Jan 19 2022 06:01 AM

‎Jan 19 2022 06:01 AM

Re: Baselines in SCAP/Nessus audit format

@FLeven it's not a request we get often at all.  Typically customers will use the method posted here (Quickstart - Convert Group Policy into DSC - PowerShell | Microsoft Docs) to fill this need

0 Likes
Reply
FLeven

‎Jan 19 2022 06:15 AM

‎Jan 19 2022 06:15 AM

RE: Baselines in SCAP/Nessus audit format

Yes, as the still open issues show, it is not without flaws and why should the customer take the responsibility for converting security baselines, that should be job of the software vendor ? Shouldn't be everything from the baseline already be in the OS itself, secure by default ... As I proposed on the mentioned Repo: convert it, test it , commit it. Please offer long due alternatives to Grouppolicy's and give customers a reason to switch to a modern configuration management.
0 Likes
Reply
Rick_Munck

‎Jan 19 2022 06:27 AM

‎Jan 19 2022 06:27 AM

RE: Baselines in SCAP/Nessus audit format

@FLeven we will discuss internally but cannot commit to anything at this point

0 Likes
Reply
AaronMargosis_Tanium

‎Jan 19 2022 10:47 AM - edited ‎Jan 19 2022 10:51 AM

‎Jan 19 2022 10:47 AM - edited ‎Jan 19 2022 10:51 AM

Re: Baselines in SCAP/Nessus audit format

@FLeven - IIRC the last time I looked into it (a couple of years ago), DSC could not reliably handle Advanced Auditing settings nor most Security Options (esp. the items persisted in inaccessible areas of the registry and/or in undocumented formats).

Implementations I've seen in the past had bugs and/or took dependencies on US-English. 

That said, that might have been addressed in the interim.

0 Likes
Reply
FLeven

‎Jan 20 2022 07:12 AM - edited ‎Jan 20 2022 07:25 AM

‎Jan 20 2022 07:12 AM - edited ‎Jan 20 2022 07:25 AM

Re: Baselines in SCAP/Nessus audit format

I know, take a look at the policy analyzer, regarding US-dependent.

What would be the official way to do automated reporting on "security" compliance based on GPO's to ensure an environment stays perfectly as it was designed, to not loose any kind of certification I went through ?
I went for a time with pester tests (16K items plus incl. baselines + custom), DSC at least would combine configuration/reporting and offer a SQL-Database to work with.

0 Likes
Reply