Currently, some of the STIG rules stipulate that, for a user to be compliant, a certain registry value needs to exist and be set properly. However, the ntuser_test doesn't have a way to enforce that a given registry key must exist for each user on the system. If one compliant user is found, an ntuser_item is collected for that user, and non-compliant users are skipped (so long as the key of interest is not present, which is often the default), and the rule is given a pass.
In NIWC's SCC application, they force the creation of a 'does not exist' item, which is allowed in OVAL and allows content to then report correctly, but this is not being implemented this way in other tools, leading to inconsistent results.
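The difference between the two collection behaviours described above, as an added example that is not code from SCC or any OVAL interpreter. It is a simplified model of collect-then-evaluate; the user names, key path, value name and expected value are constructed sample data.

```python
# Simplified model of ntuser_test collection and evaluation (not OVAL interpreter code).
# All user names, the key path and the value name are constructed sample data.
KEY = r"Software\Policies\ExampleVendor\ExampleApp"
NAME = "ExampleSetting"
EXPECTED = 1

# Per-user HKCU contents: alice has the required value, bob has the default (nothing set).
USERS = {
    "alice": {(KEY, NAME): 1},
    "bob": {},
}


def collect(users, emit_missing):
    """Build one item per user profile.

    emit_missing=False: profiles without the value produce no item (they are skipped).
    emit_missing=True:  profiles without the value produce a 'does not exist' item.
    """
    items = []
    for user, hive in users.items():
        if (KEY, NAME) in hive:
            items.append({"user": user, "status": "exists", "value": hive[(KEY, NAME)]})
        elif emit_missing:
            items.append({"user": user, "status": "does not exist", "value": None})
    return items


def evaluate(items):
    """Pass only if at least one item was collected and every item exists with the expected value."""
    if not items:
        return "fail"
    ok = all(i["status"] == "exists" and i["value"] == EXPECTED for i in items)
    return "pass" if ok else "fail"


def failing_users(items):
    """Users whose item is missing or holds the wrong value."""
    return [i["user"] for i in items if i["status"] != "exists" or i["value"] != EXPECTED]


if __name__ == "__main__":
    for emit_missing in (False, True):
        items = collect(USERS, emit_missing)
        print(emit_missing, evaluate(items), failing_users(items))
```

With the same two profiles, skipping absent values yields a pass with no failing users, while emitting 'does not exist' items yields a fail that names the non-compliant profile.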