Standards
Security Analysis Solution is built completely around the SCAP standard, allowing customers to import and manage their XCCDF benchmarks (checklists) which are used for assessing their computers.
Acronyms
Acroynm |
Name |
Description |
|---|---|---|
SCAP |
Security Content Automation Protocol |
Specification for expressing and manipulating security data in standardized ways that allow machine-readable assessment and misconfiguration remediation. |
OVAL |
Open Vulnerability and Assessment Language |
XML specification for exchanging technical details on how to check systems for security-related software flaws, configuration issues and patches. |
XCCDF |
eXtensible Configuration Checklist Description Format |
XML-based specification for structured collections of security configuration rules. |
CPE |
Common Platform Enumeration |
Naming convention for hardware, OS and application products. |
CVE |
Common Vulnerability Enumeration |
Dictionary of publicly-known security-related software flaws. |
CCE |
Common Configuration Enumeration |
Dictionary of software security configuration issues. |
CVSS |
Common Vulnerability Scoring System |
Method for classifying characteristics of software flaws and assigning severity scores based on these characteristics. |
Compliance
Security Analysis Solution supports:
Standard |
Supported Versions |
|---|---|
SCAP |
1.0 - 1.1 |
OVAL |
5.3 - 5.9 |
XCCDF |
1.1.4 - 1.2 |
CCE |
5.0 |
CPE |
2.2 |
CVSS |
2.0 |