...
- The vendor shall provide instructions on how to execute a previously imported valid FDCC SCAP-expressed data stream.
See Creating a Policy.
- The product's documentation (printed or electronic) must state that it uses SCAP and explain relevant details to the users of the product.
See Standards.
- The vendor shall indicate which one or more of the defined SCAP capabilities their product is being tested for.
See Standards.
- The vendor shall provide product documentation that enumerates the general product capabilities for the target platform (e.g., antivirus, intrusion detection, firewall) that relate to the asserted SCAP capabilities.
See Overview.
- The vendor shall provide instructions on where the dates for all offline SCAP data can be inspected in the product output.
See Viewing Results in Other Formats.
...
- The vendor shall provide documentation explaining how an SCAP-expressed data stream can be imported into the product and subsequently executed.
See Importing Profiles.
Compliance Mapping Output Requirements
- The vendor shall provide documentation explaining where CCE compliance mappings can be viewed within the product output.
See Viewing Results in Other Formats.
...
- The vendor shall provide instructions on how an SCAP-expressed data stream can be imported and executed on the target system to remediate non-compliant settings. The vendor shall also provide instructions on where the results of the remediation action can be viewed within the product output.
See: