One of my clients is moving some of their services to a 3rd party cloud hosting provider with a relatively new service, and has requested regular security auditing of these boxes with reports. Their software is targeted at CentOS 5.6/5.7 and hence they won't be moving to 6.x for some time.
For the compliance audit I see that there is an XCCDF for rhel 6.x in the scap security guide project - https://fedorahosted.org/scap-security-guide/
But I didn't find anything obviously similar for CentOs 5.6/5.7
Does such a thing exist for rhel5/centos5 versions, or do I have to tailor a general benchmark checklist, or something similar?