OpenSCAP content for SLE 16

[sounix000]

PR creator: Description

OpenSCAP content for SLE 16.

PR creator: Are there any relevant issues/feature requests?

• bsc#...
• jsc#...

PR reviewer: Checklist for editorial review

Apart from the usual checks, please double-check also the following:

• do any new files fulfill the naming conventions specified in https://github.com/SUSE/doc-modular/blob/main/templates/README.md?
• article title/structure title: does it have the required length and does it use sentence style capitalization?
• revhistory: is it up-to-date and does it follow the guidelines specified in https://documentation.suse.com/style/current/html/style-guide-db/sec-smartdocs.html#sec-revhistory?
• metadata: does it follow the guidelines specified in https://documentation.suse.com/style/current/html/style-guide-db/sec-smartdocs.html#sec-taglist-smartdocs?

[lvicoun]

Hi Souvik,
please see my suggestions. Thanks!

[lvicoun]

Hi Souvik,
LGTM. Thanks!

[dariavladykina]

Hi, please see some suggestions here. Thanks!

[dariavladykina]

I would remove the first 2 paragraphs here - they are explained in section 2 - and just leave "The following sections describe...", and add a para in front of it saying sth like: This article explains how to use &oscap; and SSG to audit and harden &suselinunx; systems against recognized security baselines.

[dariavladykina]

I'd add the SSG explained here to safely use the abbreviation later:

Suggested change

	Automation Protocol (SCAP) framework. Combined with the &ssg;, it enables automated
	Automation Protocol (SCAP) framework. Combined with the &ssg; (SSG), it enables automated

[dariavladykina]

Maybe a more descriptive heading? I also suggested to change the structure down in the file.

Suggested change

	<title>Overview</title>
	<title>Auditing and hardening &suselinux; with &openscap;</title>

[dariavladykina]

Suggested change

	<title>Preparing the IT Infrastructure</title>
	<title>Preparing the IT infrastructure</title>

[dariavladykina]

Suggested change

	<title>Preparation steps</title>
	<title>What pre-hardening steps should you follow?</title>

[dariavladykina]

Suggested change

	Automated scanning and remediation reduces manual effort, ensures consistent policy
	enforcement across systems, and supports compliance with regulations such as HIPAA,
	PCI-DSS v4, and ANSSI-BP-028.
	Automated scanning and remediation reduce manual effort, ensure consistent policy
	enforcement across systems, and support compliance with regulations such as HIPAA,
	PCI-DSS v4 and ANSSI-BP-028.

[dariavladykina]

Suggested change

	SCAP consists of the following components, which interact with each other to describe,
	evaluate, and report on the security state of a system.
	SCAP consists of the following components, which interact to describe,
	evaluate and report on the security state of a system.

[dariavladykina]

Suggested change

	Remediation must be run more than once. Rules are applied in alphabetical order, some rules
	Remediation must be run more than once. Rules are applied in alphabetical order. Some rules

[dariavladykina]

Suggested change

	Run remediation more than once. Rules are applied in alphabetical order, dependencies
	Run remediation more than once. Rules are applied in alphabetical order. Dependencies

[dariavladykina]

Suggested change

	<title>What's Next</title>
	<title>What's next</title>

[dariavladykina]

Suggested change

	Some &ssg; content references external OVAL files, for example to check whether the system is
	Some &ssg; content references external OVAL files, for example, to check whether the system is