×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Space banner

   

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
BMC Client Management 12.8 ... Administering Configuring compliance management Configuring SCAP Compliance SCAP Packages

SCAP Package

SCAP packages (security checklists) define a collection of data streams, and each of these data streams is expected to reference external components:

  • Dictionaries: Provides references to the CPE standard
  • Checklists: Provides references to the XCCDF standard
  • Checks: Provides references to OVAL or OCIL standards

It is created when the downloaded security checklist is imported into CM and unzipped and parsed.

Starting from version 1.2, SCAP defines itself a specific XML file format. The idea is to provide a container for embedding all the required components into a single file. Before version 1.2, different XML files were required in order to conduct an SCAP scan. Additionally, the new standard makes it possible to build mappings between components, easing cross reference between each of them.

Security checklists of versions 1.0 and 1.1

The package is downloaded in the form of a zip file that contains an xccdf , one or more OVAL check files, optional CPE dictionaries and possibly some other files. The xccdf file contains one benchmark only and its profiles.

By default, an imported SCAP package and its data stream are created with the same name as that of the benchmark in CM .

Security checklists of version 1.2

The downloaded package is either a individual xml file or it can be a zip file that can contain several xml files. Each xml file is a data stream collection containing a list of data streams. Each of these data streams can contain several benchmarks, which in turn, can also have several profiles.

By default, each SCAP package is given the name of the associated data stream collection in CM .

General data of an SCAP package

This view displays the following data about a specific SCAP package:

Parameter

Description

Name

This column displays the name of the selected SCAP package.

Version

This field displays the version number of the package.

Validation Date

The field displays the date at which the package was validated.

Use Case

This field displays the use case for the package. This field is only applicable to packages of version 1.0 and 1.1.

Related topics

Was this page helpful? Yes No Submitting... Thank you
Last modified by Rohit Parmar on May 26, 2016

Comments

Log in or register to comment.

Deleting SCAP packages
SCAP package Data Stream
© Copyright 2013 - 2021 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.