Security FAQ

PDI, IAVA, CVE, RHSA, etc. What is the difference and what do they mean to me?

The ASTi SCC Non-Compliance Supplement Report is based on the Defense Information Systems Agency (DISA) Red Hat Security Technical Implementation Guides (STIGs) and SCAP Tool results. Each entry in this report contains a Potential Discrepancy Item (PDI). That PDI will link to a particular reference (as seen in the report) like an Information Assurance Vulnerability Alert (IAVA) number or STIG reference for example. When you review that reference in the STIG checklist you will see that it often contains the IAVA number as well as a Common Vulnerabilities and Exposures (CVE) number. CVEs is a list of publicly known information security vulnerabilities and exposures that is maintained by Mitre. These CVEs are typically cross-referenced in the Red Hat Security Advisories (RHSAs) published by Red Hat® Enterprise Linux®. As the Telestra and Voisus platforms run RHEL these RHSAs can be a useful tool in determining whether a patch has been applied to a particular package that resides on the platform.