Versions Compared

Old Version 11

changes.mady.by.user Max Pinion

Saved on

compared with

New Version 12

changes.mady.by.user Max Pinion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SAS embraces the SCAP standard and can import SCAP content into the Arellia Management Server (AMS). For further details, go to [REVIEW] SAS 8.x Overview

...

SAS is compatible with XCCDF benchmarks and other types of checklists that adhere to the XCCDF specification including industry standards from:

  • Federal Desktop Core Confederation (FDCC)
  • United States Government Configuration Baseline (USGCB)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley Act (SOX)
  • Payment Card Industry Data Security Standard (PCI-DSS)

These benchmarks can be downloaded directly within the product on SAS on the Download Profiles page, which presents a list of links to the author's published content from sources such as NIST. The product SAS also supports uploading multiple benchmarks or other checklists through the web browser interface , directly from the user's file system in the form of XML files or compressed (ZIP) files of XML documents.

During the import of these benchmarks, the profiles and other related SCAP elements are correlated within the CMDBAMS during the import of these benchmarks. The profiles are then used within security configuration policies to perform scheduled assessments and (optionally) automated remediation to keep the targeted computers in compliance to the policies defined by the computer administrator.

Assessment results can be output as XCCDF Results results and made available in many reports across multiple endpoints and even between various OVAL checks, taking full advantage of customer's your investments in CMDB-related configuration management.

See Also:

For further information, go to Security Profiles.

OVAL

Arellia Security Analysis Solution supports Open Vulnerability Assessment Language (OVAL). OVAL is SAS supports OVAL, a public standard for creating vulnerability, configuration, and patch checks using a declarative XML syntax.

Arellia Security Analysis Solution SAS imports OVAL content from SCAP data content streams . The product performs the evaluation of OVAL Definitionsand evaluates OVAL definitions, generally in the context of XCCDF Benchmark Profilesbenchmark profiles, to test configuration settings and vulnerabilities on managed computers through an agent-based plug-in to the Symantec Management Agent. XCCDF provides ways to adjust adjusts the configuration of these assessments to better suit the customer needs, all orchestrated within our user interface.

...