Importing new SCAP packages
SCAP packages can be added to BMC Client Management at any time. Before you can import packages into BMC Client Management you need to download them, for example from the NVD (National Vulnerability Database) of the NIST (National Institute of Standards and Technology) http://web.nvd.nist.gov/view/ncp/repository website.
Click Edit > Import SCAP Package .To import SCAP packages, proceed as follows:
- The Select an SCAP Package window opens on the screen.
- Browse to the directory into which you downloaded the package and select it.
- Click Open.
The imported file (zip or xml) is send to the master, which unzips and parses it. It then creates the new SCAP package in the CM database with its associated components (data streams, benchmarks, profiles, OVAL checks, etc.). The imported files are saved in a subdirectory with the ID of the newly created package as its name, in the <master_installation_path>/data/Vision64Database/scap/packages/<package_id> directory.
You can view the package components in the respective tabs and sub-nodes.
To import SCAP 1.0 and 1.1 packages
SCAP 1.0 and 1.1 contents are made of multiple standalone XML documents (XCCDF benchmark, XCCDF tailoring, OVAL definitions, CPE dictionary). To import such packages, the XML files must be bundled into a ZIP file, and the archive must be imported.
To provide a consistent user experience, SCAP 1.0 and 1.1 packages are imported as SCAP data stream collections. Therefore, some virtual items are automatically created to bind the standalone documents together. The data stream collection name and the data stream name are both derived from the benchmark’s identifier.
To import SCAP 1.2 and 1.3 packages
SCAP 1.2 and 1.3 contents are bundles. From now, all the documents that were previously separated in SCAP 1.0 and 1.1 are merged into a single XML document. Consequently, importing a single XML file is enough in most cases.
Nevertheless, some SCAP 1.2 and 1.3 contents have references to external documents (CPE dictionary, XCCDF benchmark or OVAL definitions). In this case, the external documents must be imported along with the SCAP content itself. BMC Client Management will recognize and extract these external references, but it will not try to acquire the documents. This behavior is more secure because the administrator keeps control on the processed documents. Besides, some BMC Client Management environments do not have a direct access to the internet, in which case external documents cannot be acquired autonomously. To import a SCAP 1.2 or 1.3 package with external references, a ZIP file must be created and imported. This archive must include the package to import and all the external dependencies. All the files should be added at the root of the ZIP archive. It's important to note that BMC Client Management rejects SCAP 1.2 and 1.3 packages if one or more external dependencies cannot be found in the imported item.
The following SCAP 1.3 content r3005-datastream-03.xml makes reference to the external r3005-datastream-01.xml document twice. Importing this single XML file fails with an error.
The master log file provides more information about the missing files.
The log file displays the missing files (r3005-datastream-01.xml) and the uniform resource identifier under which they are referenced (file:r3005-datastream-01.xml, the URI fragment can be ignored). This information makes it possible for the administrator to acquire the external documents. Then, the two r3005-datastream-03.xml and r3005-datastream-01.xml files must be bundled into a ZIP file and the archive must be imported.
SCAP 1.2 and 1.3 packages can also be imported in batches. In order to import multiple SCAP 1.2 and 1.3 documents at the same time, make a ZIP archive including all the files to import. BMC Client Management automatically creates multiple SCAP packages, one for each imported SCAP content. The SCAP packages name is derived from their data stream collection identifier. Notice that SCAP 1.2 and 1.3 files that are detected to be external dependencies for other contents are not imported as SCAP packages, but are imported along with their referencing package.
To import OVAL only documents
It is possible to import a single OVAL definitions document. Similar to the import of SCAP 1.0 and 1.1 packages, BMC Client Management automatically creates virtual items to provide a consistent user experience. In this case, a virtual data stream collection, data stream and XCCDF benchmark are automatically created. The benchmark is populated with rules, one for each definition extracted from the OVAL document. The rules description makes reference to the OVAL definitions identifier they are associated with. Notice that no XCCDF profile gets created since all the XCCDF rules are selected by default. To get more information about OVAL only contents, please check the corresponding OVAL-Only-SCAP-Content.
To import XCCDF tailoring documents
XCCDF tailoring documents can be imported directly from SCAP 1.2 or 1.3 contents by the means of data stream collection components. They can also be imported as external documents. To import external XCCDF tailoring documents, make a ZIP archive including the SCAP package files and the XCCDF tailoring documents, and import the archive. XCCDF tailoring documents may include information about the benchmark for which they provide one or more profiles, but this is purely informational. Therefore, all the profiles from the XCCDF tailoring documents are automatically added to all the benchmarks detected during the import operation. The BMC Client Management user interface distinguishes standard profiles and tailoring profiles using a trailing (tailoring) pattern in the profiles name: