SCAP packages (security checklists) define a collection of data streams, and each of these data streams is expected to reference external components:
- Dictionaries: Provides references to the CPE standard
- Checklists: Provides references to the XCCDF standard
- Checks: Provides references to OVAL or OCIL standards
It is created when the downloaded security checklist is imported into CM and unzipped and parsed.
Starting from version 1.2, SCAP defines itself a specific XML file format. The idea is to provide a container for embedding all the required components into a single file. Before version 1.2, different XML files were required in order to conduct an SCAP scan. Additionally, the new standard makes it possible to build mappings between components, easing cross reference between each of them.
Security checklists of versions 1.0 and 1.1
The package is downloaded in the form of a zip file that contains an xccdf , one or more OVAL check files, optional CPE dictionaries and possibly some other files. The xccdf file contains one benchmark only and its profiles.
By default, an imported SCAP package and its data stream are created with the same name as that of the benchmark in CM .
Security checklists of version 1.2
The downloaded package is either a individual xml file or it can be a zip file that can contain several xml files. Each xml file is a data stream collection containing a list of data streams. Each of these data streams can contain several benchmarks, which in turn, can also have several profiles.
By default, each SCAP package is given the name of the associated data stream collection in CM .
General data of an SCAP package
This view displays the following data about a specific SCAP package:
This column displays the name of the selected SCAP package.
This field displays the version number of the package.
The field displays the date at which the package was validated.
This field displays the use case for the package. This field is only applicable to packages of version 1.0 and 1.1.