When the customer runs an SCAP evaluation job such as the SCAP benchmark located at https://iase.disa.mil/stigs/os/windows/u_windows_2008_r2_ms_v1r7_stig_benchmark_20130329.zip, the results returned revealed that almost every check had failed, usually around or near the 97% mark.
An error from the Data Collector would appear as something like this:
6/12/2013 1:47:40 PM,Windows Data Collector: query returned with message(s).," Error occurred while fetching trustees : The Trustee parameter regular expression is invalid! Parameter= *. Error : The parameter is incorrect. - The Trustee parameter regular expression is invalid! Parameter= * - The parameter is incorrect.","Warning ",Domain Name\Machine-Name,Windows Machine,,
Product defect. The SCAP profiles contained some rules which referred to local variables containing objects wrapped inside. Data collection for such rules\objects was not working and an exception was thrown.
Due to this exception for some of the rules, no data collection was performed for the other rules in the SCAP profile therefore most of the rules resulted in a FAIL status.
Install Quick Fix 10328 for CCS 11.0 with Product Update 2013-2 & Security Content Update 2013-1. Please see the attached QF file in this KB article.
Microsoft Windows Server 2008 R2