Status: IN
OpenSCAP compliance scanning on RHEL 9 uses the `oscap` command with profiles from the `scap-security-guide` package located at `/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml`.
Source: repo:entries/2026/03/04/en-documentation-red_hat_enterprise_linux-9-html-security_hardening.md