Standards

Security Analysis Solution (SAS) is built completely around the SCAP standard, allowing customers to import and manage their XCCDF benchmarks (checklists) which are used for assessing their computers. Security standards and their acronyms are included in the following list: [[Are there any standards to add or remove for the new version? mp05/04/15]]

| Acronym | Name | Description | More Detail |
|---|---|---|---|
| SCAP | Security Content Automation Protocol | Specification for expressing and manipulating security data in standardized ways that allow machine-readable assessment and misconfiguration remediation. | http://scap.nist.gov |
| OVAL | Open Vulnerability and Assessment Language | XML specification for exchanging technical details on how to check systems for security-related software flaws, configuration issues and patches. | http://oval.mitre.org |
| XCCDF | eXtensible Configuration Checklist Description Format | XML-based specification for structured collections of security configuration rules. | http://scap.nist.gov/specifications/xccdf/ |
| CPE | Common Platform Enumeration | Naming convention for hardware, OS and application products. | http://cpe.mitre.org |
| CVE | Common Vulnerabilities and Exposures | Dictionary of publicly-known security-related software flaws. | http://cve.mitre.org |
| CCE | Common Configuration Enumeration | Dictionary of software security configuration issues. | http://cce.mitre.org |
| CVSS | Common Vulnerability Scoring System | Method for classifying characteristics of software flaws and assigning severity scores based on these characteristics. | http://www.first.org/cvss |

Compliance

Security Analysis Solution supports: [[Are there any supported versions to add or remove for the new version? mp05/04/15]]

| Standard | Supported Versions |
|---|---|
| SCAP | 1.0 - 1.1 |
| OVAL | 5.3 - 5.9 |
| XCCDF | 1.0 - 1.1.4 |
| CCE | 5.0 |
| CPE | 2.2 |
| CVSS | 2.0 |

Security Analysis Solution is SCAP-compliant with the following capabilities: [[Are there any capabilities to add or remove for the new version? mp05/04/15]]

  • FDCC Scanner
  • Authenticated Configuration Scanner
  • Authenticated Vulnerability and Patch Scanner

Implementation

SCAP

Security Content Automation Protocol (SCAP) is a public specification that provides for standardized and automatable security configuration and vulnerability assessment, comprised of the eXtensible Configuration Checklist Description Format (XCCDF), Open Vulnerability and Assessment Language (OVAL), Common Platform Enumeration (CPE), Common Configuration Enumeration (CCE), Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS).

...