Copy the file 'ssg-sle12-ds.xml' to the machine to be tested, then run this:

    sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-sle12-disa --oval-results --report report.html ssg-sle12-ds.xml

Afterwards, 'report.html' will contain a HTML file listing all the results, and the files 'ssg-sle12-cpe-oval.xml.result.xml' and 'ssg-sle12-oval.xml.result.xml' will contain the results in XML format. 

To check that no installed packages has a security update peinding, the option '--fetch-remote-resources' must be specified. However, this takes some time and resources (especially RAM).

To automatically fix identified problems, add the '--remediate' option.

Some configuration values depend on the deployment environment. For that, SCAP Workbench [1] can be used to create a "tailoring" of the provided XCCDF file that e.g. overrides required variable configuration values or disables tests not applicable to the target environment.


1: https://www.open-scap.org/tools/scap-workbench/