The approach taken in the scap-security-guide seems to be to map low level actions back to high level controls. How do I determine if the set of actions completely or only partially satisfies the control?
joe
scap-security-guide@lists.fedorahosted.org