Now, let's say that we need to ensure that our systems are compliant with Payment Card Industry standards. We'll first scan the CentOS machine to see what needs remediation. (Note that the following command is very long and wraps around on the printed page.)

sudo oscap xccdf eval --profile pci-dss --results scan-xccdf-results.xml /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml

As we always like to do,  let's break this down:

• xccdf eval: The Extensible Configuration Checklist Description is one of the languages with which we can write security profile rules. We're going to use a profile that was written in this language to perform an evaluation of the system.
• --profile pci-dss: Here, I specified that I want to use ...