I have raised this issue with QualysGuard, but has anyone had any luck importing a policy from XML into the tool? For example, I cannot import a DISA STIG for a specific technology. The tool shoots back error messages. Is this even possible?
It must be a format mis-match.
Did youy try with a new SCAP policy and then import "SCAP Source Data Stream content"
Go to PC/SCAP > Policies and select New > SCAP Policy. Select the SCAP version (1.0 or 1.2) and the related SCAP content to upload to the policy. Click Next and the service will perform schema validation. Please resolve any content errors reported online. Once you pass schema validation, select a SCAP benchmark. If you want you can customize the benchmark details.
Also ensure you have your scanner enabled for SCAP and you are subscribed to the SCAP module on your QG subscription.
Would you mind sharing the reference to the content you are trying to upload.
Many of the DISA content is classified as tier II which are not build to be used for automated tools.
DISA Content Tier II
I see, so in order to create checks for specific technologies, I would have to use a custom built policy?
Retrieving data ...