I am starting to research the implementation of DISA STIG compliance reports in NCM. I am discovering that some of the commands (for example, DISA STIG-V8R19-CSCO-OS-L2SW - SSH) only show up in the "show run all" output. The issue with this is that NCM is only looking at the running-config, and those commands do not appear.
For those of you that are using these reports, how do you prove to auditors that you are compliant?
I am running NCM 7.8.