Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Standards

Security Analysis Solution is built completely around the SCAP standard, allowing customers to import and manage their XCCDF benchmarks (checklists) which are used for assessing their computers.

Acroynm

Name

Description

More Detail

SCAP

Security Content Automation Protocol

Specification for expressing and manipulating security data in standardized ways that allow machine-readable assessment and misconfiguration remediation.

http://scap.nist.gov

OVAL

Open Vulnerability and Assessment Language

XML specification for exchanging technical details on how to check systems for security-related software flaws, configuration issues and patches.

http://oval.mitre.org

XCCDF

eXtensible Configuration Checklist Description Format

XML-based specification for structured collections of security configuration rules.

http://scap.nist.gov/specifications/xccdf/

CPE

Common Platform Enumeration

Naming convention for hardware, OS and application products.

http://cpe.mitre.org

CVE

Common Vulnerabilities and Exposures

Dictionary of publicly-known security-related software flaws.

http://cve.mitre.org

CCE

Common Configuration Enumeration

Dictionary of software security configuration issues.

http://cce.mitre.org

CVSS

Common Vulnerability Scoring System

Method for classifying characteristics of software flaws and assigning severity scores based on these characteristics.

http://www.first.org/cvss

Compliance

Security Analysis Solution supports:

Standard

Supported Versions

SCAP

1.0 - 1.1

OVAL

5.3 - 5.9

XCCDF

1.0 - 1.1.4

CCE

5.0

CPE

2.2

CVSS

2.0

Implementation

XCCDF

Security Analysis Solution provides the way to import and export SCAP content in the form of XCCDF benchmarks. These benchmarks can be downloaded from external sources, imported from a file or built by using any SCAP content editor tool. Profiles are contained within these benchmarks and are used within policies to perform assessments and remediation for managed computers.

See Also:

CPE

Security Analysis Solution utilizes CPEs for building target filters of managed computers. After a profile is imported, the server will analyze the CPEs that are related to that profile and perform an applicability test to determine which CPEs apply to the managed computers. From this analysis, target filters will be created and made available for targeting policies. These filters are used to define the default set of computers that a policy will apply to when building a policy and can be further refined within the policy.

See Also:

CVE

A CVE represents a published software flaw or vulnerability, which many software vendors maintain to help mitigate risk associated with their software. CVE references are used within profiles to assess the vulnerability of computers. Security Analysis Solution imports CVEs that are referenced in profiles and associates these entities within the CMDB. It also stores analysis results of computers, providing detailed reports and actionable events to help system administrators quickly and centrally control these vulnerabilities.

  • No labels