how does fortify scan a Linux configuration for compliance to a DISA stig
Please detail your use case. Fortify SCA is used for code analysis for security risks ("SAST"). Fortify WebInspect is used to scan web sites and web services for vulnerabilities ("DAST"). It sounds as if you are seeking an OS scanner, and neither of these products are meant for that use case.