The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2
Table of Contents
Executive Summary ................................................................................................................... 1
1. Introduction ........................................................................................................................ 3
1.1 Authority .................................................................................................................... 3
1.2 Purpose and Scope ................................................................................................... 3
1.3 Audience ................................................................................................................... 3
1.4 Document Structure .................................................................................................. 4
1.5 Document Conventions ............................................................................................. 4
2. SCAP 1.2 Conformance ..................................................................................................... 7
2.1 Product Conformance................................................................................................ 8
2.2 Source Content Conformance ................................................................................... 8
3. SCAP Content Requirements and Recommendations .......................................................10
3.1 SCAP Source Data Stream ..................................................................................... 10
3.1.1 Source Data Stream Data Model ..................................................................12
3.1.2 Source Data Stream Collection Validation ....................................................17
3.1.3 Globally Unique Identifiers ...........................................................................18
3.2 Extensible Configuration Checklist Description Format (XCCDF) ............................ 18
3.2.1 General ........................................................................................................18
3.2.2 The <xccdf:Benchmark> Element ................................................................19
3.2.3 The <xccdf:Profile> Element ........................................................................20
3.2.4 The <xccdf:Rule> Element ...........................................................................20
3.2.5 The <xccdf:Value> Element .........................................................................23
3.2.6 The <xccdf:Group> Element.........................................................................23
3.3 Open Vulnerability and Assessment Language (OVAL) ........................................... 23
3.4 Open Checklist Interactive Language (OCIL) .......................................................... 26
3.5 Common Platform Enumeration (CPE) .................................................................... 26
3.6 Common Configuration Enumeration (CCE) ............................................................ 27
3.7 Common Vulnerabilities and Exposures (CVE) ....................................................... 28
3.8 Common Vulnerability Scoring System (CVSS) ....................................................... 28
3.9 Common Configuration Scoring System (CCSS) ..................................................... 28
3.10 XML Digital Signature .............................................................................................. 28
4. SCAP Content Processing Requirements and Recommendations ....................................30
4.1 Legacy Support ....................................................................................................... 30
4.2 Source Data Streams .............................................................................................. 30
4.3 XCCDF Processing ................................................................................................. 31
4.3.1 CPE Applicability Processing .......................................................................31
4.3.2 Check System Usage ...................................................................................31
4.4 SCAP Result Data Streams ..................................................................................... 32
4.4.1 The Component Reports ..............................................................................33
4.4.2 The Target Identification ...............................................................................33
4.4.3 The Source Data Stream ..............................................................................33
4.4.4 The Relationships ........................................................................................33
4.5 XCCDF Results ....................................................................................................... 34
4.5.1 Assigning Identifiers to Rule Results ............................................................36
4.5.2 Mapping OVAL Results to XCCDF Results ..................................................37
4.6 OVAL Results .......................................................................................................... 38
评论0
最新资源