OVAL Only SCAP Content


It is required for SCAP consumers to be able to process OVAL only contents. OVAL only content includes a single OVAL definitions file and may include one additional external OVAL variables file. While this goal can be achieved manually using the mtxscap binary through either a Windows console or Unix terminal, CM SCAP implementation makes it possible to import, validate and display results in console for such content.

In order to realize this task, the import operation creates a virtual benchmark and several XCCDF rules, one for each OVAL definition. Because the process does not create a profile, all the rules are selected by default. The imported content is initially declared SCAP 1.0 unless OVAL version 5.8 is detected. In that case, it is turned into SCAP 1.1. Note, that since the SCAP version is either 1.0 or 1.1, other virtual entities are created, including a data stream collection and a data stream. As a consequence, administrators can visualize all these components from console, up to the XCCDF rules connected to the OVAL definitions. For easing this task, both the OVAL definitions title and description are copied into their corresponding XCCDF rules.

The import operation shall respect the import rules. If a single OVAL definitions file must be imported, then operation can be applied on this single file. If an external OVAL variables file must be imported at the same time, then an archive file including the OVAL definitions file and the OVAL variables file must be imported instead. Note, that default scoring is applied to the virtual benchmark where all the rules are identified with a default 1.0 weight.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Client Management 24.1