Skip to Content
Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

SCAP features

The Security Content Automation Protocol (SCAP) features in BMC Server Automation comply with the Technical Specification for the Security Content Automation Protocol (SCAP): Version 1.0.

Using features in the BMC Server Automation Console, you import SCAP content from third-party sources.

The imported content, known collectively as an SCAP Benchmark, is an organized collection of the following SCAP components: security checklists in Extensible Configuration Checklist Description Format (XCCDF), configuration assessments in Open Vulnerability and Assessment Language (OVAL), platform-specific content in a Common Platform Enumeration dictionary (cpe-dictionary) file, and, optionally, a patches file.

Validation against the SCAP schemas occurs during the import. An imported benchmark is a well-formed XCCDF expressed data stream. You can import multiple SCAP Benchmarks.

After importing the SCAP Benchmarks, you create, run, and manage SCAP Compliance Jobs. Each job selects an SCAP Benchmark, profiles within the benchmark, and target servers. SCAP Compliance Jobs are fully integrated into the BMC Server Automation product and include all standard Job features of the product, such as server smart groups to automatically collect target servers based on rules; GUI-based Job editing; automatically recurring job scheduling; automated email notifications and SNMP traps to report job results; and role-based access control (RBAC) on all activities.

OVAL checks are processed on the target servers. Their results are used by BMC Server Automation in forming the final XCCDF results. The BMC Server Automation Console shows the result state for each rule. Results are organized in two views: one view shows results by target server and another view shows results for each rule across all servers. Rule results can be one of nine values, including Pass, Fail, Error, and Unknown.

You can export the results to an XML file compliant with the XCCDF specification. The exported file is accompanied by an XSLT file, enabling you to view the contents in a human readable format using a web browser.

The exported results include active links to full descriptions for all referenced Common Platform Enumeration (CPE) IDs, Common Configuration Enumeration (CCE) IDs and Common Vulnerabilities and Exposures (CVE) IDs. Results also include severity indications using the Common Vulnerability Scoring System (CVSS) specification, if applicable to the benchmark.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Server Automation 8.3