Rescanning an Instance for Compliance
Use the SCC or OpenSCAP tool to scan the instance to verify it remains compliant.
Changes to an Oracle Linux STIG Image instance (such as installing other applications or adding new configuration settings) can affect compliance. We recommend scanning to check that the instance is compliant after any changes. In addition, you might need to perform subsequent scans to check for regular, quarterly DISA STIG updates.
Using the OpenSCAP Tool
The OpenSCAP tool is available in Oracle Linux and certified by the National Institute of Standards and Technologies (NIST).
Using the SCC Tool
The SCC tool is the official tool for checking government compliance and can be used to scan an Oracle Linux STIG Image instance.
To scan Arm architecture (aarch64), you must use SCC version 5.5 or later.
For instructions on using the SCC tool, see the SCAP Tools table at https://public.cyber.mil/stigs/scap/.