OVAL Requirements
Ā Open Vulnerability and Assessment Language (OVAL) Requirements
- OVAL.V.1: The product's documentation (printed or electronic) must state that it uses OVAL and explain relevant details to the users of the product.
See Standards.
- OVAL.V.3 (part 1): The vendor shall provide instructions on how validation of OVAL content is performed and where errors from validation will be displayed within the product output.
On the Reports tab, search for the report named SCAP Data Validation Issues.
- OVAL.V.3 (part 2): The vendor shall provide instructions on how the user can view the XML OVAL Definitions being consumed by the product.
On the Profiles tab, select the profile of interest. On the right side, expand the groups to reveal rules. Double-clicking on a rule will then display the definitions (and their content).
- OVAL.V.4: The vendor shall provide instructions on how a valid OVAL Definitions file can be imported into the product for interpretation.
See Importing Profiles.
- OVAL.V.5 (part 1) :The vendor shall also provide instructions on where the resultant OVAL XML Full Results output can be viewed by the tester.
See Viewing Results in Other Formats.
- OVAL.V.5 (part 2): The vendor shall indicate how two or more values can be specified for a variable used by one OVAL Definition.
Multiple values may be specified for an OVAL external variable. This causes OVAL test results with variable instance specifiers.