These are common questions among operations people, and there needs to be a piece of software to help answer them. Let me introduce the SCAPtimony project, its motives and its mission statement.
The SCAPtimony project gives full testimony about the compliance of your infrastructure. SCAPtimony is an open source compliance center built on top of SCAP, the U.S. Government standard. SCAPtimony is a collection (database) of auditable assets, SCAP policies, audit schedules, SCAP results, and waivers. SCAPtimony is a modern, RESTful, highly efficient, robust, and cloud-class scalable solution to the common problem of SCAP document storage. Going forward, SCAPtimony pushes the envelope by leveraging OpenSCAP to empower administrators in a sustainable way! ... Bingo!
+ Define security/compliance policies
+ Archive distinct versions of the policy
+ Upload SCAP content and assign it to the policy
+ Set up a periodic schedule of audits for the policy
+ Organization-defined targeting (assign the policy to a set of nodes)
+ Define known issues and waivers (assign waivers to a set of nodes and the policy)
+ Set up rules for automated deletion of SCAP results
+ Achieve SCAP audit results from your infrastructure
+ Provide API for tools to upload collected SCAP results
+ Result post-processing
+ Search SCAP results
+ Search for non-compliant systems
+ Search for not audited systems
+ Comparison of audit results
+ Waive known issues
Let me know if your feature is missing. In the meantime, the source code is brewing at https://github.com/OpenSCAP/scaptimony.
And by the way, the SCAPtimony project would never have been possible without the oscap_source redesign in OpenSCAP. That redesign significantly improved the post-processing capabilities of OpenSCAP, which are needed especially for SCAPtimony's waivers.