Types of Profile Updates

Types of Benchmark Updates

When updating the profile, you'll be making one of three types of changes:

1. Patch Update: These frequent updates cover missing corner cases of testing for one or more benchmark requirements, or improvements to the InSpec code for a requirement. These updates result in a new patch release of the benchmark, such as going from v1.12.4 to v1.12.5. We aim to release these updates on a regular schedule, either weekly, bi-weekly, or monthly.
2. Release Update: These updates occur when the STIG Benchmark owner releases an updated version of the STIG, for example, going from Red Hat Enterprise Linux V1R12 to V1R13.
3. Major Version Update: These updates occur when a software vendor releases a new major version of their product's STIG. For example, when Red Hat releases version 9 of Red Hat Enterprise Linux or Microsoft releases a new major version of Windows, such as Windows 2024 or Windows 12.

Scope of the Update Patterns

The STIGs and CIS Benchmarks are scoped within the Major Version of the software products they represent.

Updates or amendments to a Benchmark's requirements are tracked within the 'Releases' of the Benchmark.

As we mentioned in the previous section, there is no concept of 'back-patching'; it is a 'forward-only' process.

Each requirement is indexed from their source SRG document, aligned to a CCI, and then given a unique Rule ID and STIG ID in the respective XCCDF Benchmark document.

Here is an example of various indices you may recognize:

tag gtitle: 'SRG-OS-000480-GPOS-00227'
tag gid: 'V-230221'
tag rid: 'SV-230221r858734_rule'
tag stig_id: 'RHEL-08-010000'
tag fix_id: 'F-32865r567410_fix'
tag cci: ['CCI-000366']