usnistgov / SCAP

The repository will be used to track issues and post specifications related to the Security Automation Protocol (SCAP).

Update XML digital signatures from MAY to SHALL #7

Open dragosprisaca opened 3 weeks ago

dragosprisaca commented 3 weeks ago

The source SCAP datastreams need to be digitally signed to ensure integrity and authenticity.

vanderpol commented 3 weeks ago

Per previous SCAP 3.0 discussions, it appears that SCAP 3.0 will not mandate all content to be digitally signed, but will strongly recommend that content be digitally signed. I would recommend going one step further with the documentation and stating that SCAP applications MAY refuse to run unsigned content.