What is the difference between 'Red Hat Enterprise Linux STIG - Ver 3, Rel 3' and 'Red Hat Enterprise Linux 7 STIG Benchmark -Ver3,Rel3'
I've been assigned to STIG our current rhel7 servers and when I go to 'public.cyber.mil/stigs/downloads' to download the zip file to import into stigviewer, I see two files.
Red Hat Enterprise Linux 7 STIG - Ver 3,Rel 3
Red Hat Enterprise Linux 7 STIG Benchmark - Ver 3, Rel 3
Can someone explain what are the differences between the two and which one should I use.
Solution 1:
As @GregAskew said, the "STIG" is for a manual review and the "STIG Benchmark" is for use with automated SCAP tools. If you are expected to perform a complete review, you should use the full "STIG" (not the Benchmark), as it will contain a number of checkpoints for things that cannot be automated, like the creation of specific system documentation, or the documentation of specific organizational policies.