I’ve got some compliance stuff coming up for windows server baselines and I’m fairly literate in the whole scap scan, import into stig viewer and review open or not reviewed items. My question that I’m trying to figure out, is scap scans always that far behind the stig baselines?????

Basically where we are at is cybermil has released stig GPOs for 2016 and it’s like V2R8…. But damn scap scans, when you scan 2016 it shows when you check say 2016 that the scan is from V2R5. It’s 3 sometimes 4-5 versions behind. I know not much changes, but I don’t want this to be a question with SOC were they ask why are your checklists for an earlier version than what your stig baseline is suppose to be…. Is there any way to update the scap scan file? I looked online and when you download from cybermil for latest scap tool it has the latest file to import for scap scan already…..

Any help much appreciated.