ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Question About Scoring #12571

Closed brandonrace closed 2 weeks ago

brandonrace commented 2 weeks ago

Description of problem:

I'm wondering if there is some way to tell what kind of weight the different SCAP findings hold, in order to tell by what percentage the score would increase if a certain finding is remediated.

SCAP Security Guide Version:

scap-security-guide-0.1.72-1.amzn2023.0.1.noarch

Operating System Version:

Amazon Linux 2023

Steps to Reproduce:

This is more of a general question.

jan-cerny commented 2 weeks ago

All our rules have equal weight (1.0). The score is computed using the default XCCDF scoring model, see https://csrc.nist.gov/files/pubs/ir/7275/r4/upd1/final/docs/nistir-7275r4_updated-march-2012_clean.pdf section 7.3.2.2. But I'm not sure whether we implement the scoring model correctly or what the reason for the inconsistent score changes is.
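In the default model cited above, a group contributes to its parent as a single weighted item, so even with every rule at weight 1.0 the score is not simply passed-over-checked: the gain from remediating one finding depends on how many scored rules share its group, and results such as notapplicable or notchecked drop out of the denominator entirely. The following is an added example, not code from this thread or from the ComplianceAsCode project, that implements the default model's recursion on a constructed benchmark tree (rule and group ids are invented; the mapping of results other than pass and fail is this example's reading of section 7.3.2.2):

```python
from dataclasses import dataclass, field

# Results the default model excludes from the count entirely.
NOT_COUNTED = {"notapplicable", "notchecked", "informational", "notselected"}
# Counted results scoring 100; any other counted result (fail, error, unknown)
# scores 0 here. Treating "fixed" like "pass" is an assumption of this example.
PASSING = {"pass", "fixed"}

@dataclass
class Rule:
    id: str
    result: str
    weight: float = 1.0  # every SSG rule carries weight 1.0

@dataclass
class Group:
    id: str
    items: list = field(default_factory=list)  # Rule or Group children
    weight: float = 1.0

def score_item(item, fixed=frozenset()):
    """Return (score 0..100, count); count 0 means the item is not scored.
    Rules whose id is in `fixed` are evaluated as if remediated (pass)."""
    if isinstance(item, Rule):
        result = "pass" if item.id in fixed else item.result
        if result in NOT_COUNTED:
            return 0.0, 0
        return (100.0 if result in PASSING else 0.0), 1
    accumulator = weighted_count = 0.0
    for child in item.items:
        s, c = score_item(child, fixed)
        accumulator += child.weight * s     # weight * child score
        weighted_count += child.weight * c  # weight * child count
    if weighted_count == 0:
        return 0.0, 0
    # A group is ONE weighted item to its parent, however many rules it holds.
    return accumulator / weighted_count, 1

def benchmark_score(bench, fixed=()):
    """Benchmark score, optionally after the listed rule ids are remediated."""
    return round(score_item(bench, frozenset(fixed))[0], 2)

# Constructed benchmark: two groups of unequal size, all weights 1.0.
BENCH = Group("example_benchmark", [
    Group("ssh", [Rule("ssh_disable_root", "fail"), Rule("ssh_timeout", "pass")]),
    Group("audit", [Rule(f"audit_rule_{i}", "fail") for i in (1, 2, 3)]
                   + [Rule("audit_na", "notapplicable")]),
])
```

On this tree the baseline is 25.0; fixing the one failing rule in the two-rule group lifts it to 50.0, while fixing one of the three failing rules in the audit group lifts it only to 41.67, which is why per-finding gains look uneven even when all weights are equal.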