Fortify SCA 24.4.0 with 2024 Q4 Rulepacks: DISA STIG 6.1 BIRT report not available for export

I'm using Fortify SCA 24.4.0 with Q4 2024 Rulepacks.  The release notes for the 2024 Q4 security content update indicate that the DIS STIG 6.1 report is supported in them.  However, I don't see a corresponding item in the Fortify SCA 24.4.0 release notes indicating that it includes support for the report and the report is not available to be generated by the application.  Is this expected or something that may have been missed somehow?  Can we expect to see support for this report in the 25.2 release?  Thanks!

  • 0

    After doing some digging into Fortify SSC export capabilities today, I have found that in our environment, we do have a STIG 6.1 column being exported for the audit views for my project versions even though the DISA STIG report options in SSC and the Audit Workbench for 24.4.0 both contain only versions up to 5.3.  Once I figure out can figure out which API calls contain the STIG cross-reference data, I may not care about exporting the PDF reports through either native Fortify application anymore, but it does seem the data is present, just not easily accessible to somebody who isn't going to write a tool to flex the API.  Thanks!