Open Vulnerability and Assessment Language (OVAL) Requirements
...
OVAL.V.1
The product's documentation (printed or electronic) must state that it uses OVAL and explain relevant details to the users of the product.
...
For further details, go to Standards.
OVAL.V.3 (part 1)
...
...
The vendor shall provide instructions on how validation of OVAL content is performed and where errors from validation will be displayed within the product output.
...
In the Thycotic Security Manager, click the Reports tab
...
and search for the report named SCAP Data Validation Issues.
OVAL.V.3 (part 2)
...
The vendor shall provide instructions on how the user can view the XML OVAL
...
definitions being consumed by the product.
...
- In the Thycotic Security Manager, click the Profiles tab
...
- and select the profile of interest.
...
- In the right side, expand the groups to reveal rules.
- Double-
...
- click a rule
...
- to display the definitions (and their content).
OVAL.V.4
...
The vendor shall provide instructions on how a valid OVAL Definitions file can be imported into the product for interpretation.
...
For further information, go to Import profiles.
OVAL.V.5 (part 1)
...
The vendor shall also provide instructions on where the resultant OVAL XML
...
full results output can be viewed by the tester.
...
For further details, go to Viewing Results in Other Formats.
OVAL.V.5 (part 2)
...
The vendor shall indicate how two or more values can be specified for a variable used by one OVAL Definition.
...
Multiple values may be specified for an OVAL external variable. This causes OVAL test results with variable instance specifiers.