I am trying to either use an existing Microsoft Baseline and modify it for my needs or to import a existing policy and create a SCAP benchmark on it. What i'm trying currently is Office 2010.
If I duplicate the Microsoft Baseline and simply add/remove settings from it I can get the necessary details I would like, however I cannot export it was a SCAP or DCM template. I tried exporting it as a GPO to see if re-importing it would allow me
to create a SCAP or DCM template and although it did I lost all the customized data (pretty much just comments referencing vulnerability numbers).
When trying from importing a policy first I pretty much only get a stripped down version of it (settings only) and I would like to be able to reference the CCE-ID field to something usefull as opposed to all default.
My end goal is to have the ability to create a SCAP or DCM template and to create/apply Group or local policies with the same configurations so that from a security standpoint one can know that the Group/Local Policy will meet every item in SCAP or
DCM.
Is this something where I would need to try and access/modify the database itself or is there an easier way that I am just missing?