I tried using the “Import Windows SCAP Content” dashboard to import settings for 2012R2 that I pulled from Microsoft’s “Security Compliance Manager” tool but I’m getting errors even when all and none of the check-boxes are checked and the import is set to “Lax”. Is there an issue with importing SCAP content for 2012R2?
I have successfully imported DISA’s SCAP so it must be related to the formatting of Microsoft’s export.
The SCAP Import Tool currently supports the SCAP 1.0/1.1/1.2 Windows Platform specifications only.
Perhaps the MS tool added some additional definitions that are not part of the specs.
Is the 2012R2 source content publicly available?
It is but, considering what you said, it would make sense since the content is produced in SCAP 1.0 format.
Do you have a link to the content that I can take a look at?
I got it by downloading their SCM Component. It works great at actually crafting your GPO based off of checklists they generated and recommend. They are less definitive on which standards they are actually using. Some are DISA compliant and some aren’t which is to be expected. However the exporting of the data from SCM into SCAP form can only be achieved by exporting into SCAP 1.0 from their native GUI.