Commit 7006759

Merge pull request #223 from OVAL-Community/oval6-develop
Merge oval6-develop into master for OVAL 6 release
2 parents ce613bf + bef8744 commit 7006759

115 files changed

+13548
-67288
lines changed

guidelines/community-organization/oval-leadership-board.rst

Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@ Current Members
2424
* `Canonical <https://canonical.com/>`_ - Eduardo Barretto
2525
* `Cisco <https://www.cisco.com/>`_ - Omar Santos
2626
* `Center for Internet Security <https://www.cisecurity.org>`_ - Justin Burr, Tim Rosner
27-
* `Defense Information Systems Agency (DISA) <https://www.disa.mil/>`_ - Jamaal Spearman, Brady Alleman
27+
* `Defense Information Systems Agency (DISA) <https://www.disa.mil/>`_ - Jamaal Spearman, Brady Alleman, Brian Snodgrass
2828
* `HCL Group <https://hcl.com/>`_ - Anurag Srivastava
2929
* `Modulo <https://www.modulo.com/>`_ - Alberto Bastos
3030
* `National Institute of Standards and Technology (NIST) <https://www.nist.gov/>`_ - Dragos Prisaca, Bob Gendler

guidelines/conf.py

Lines changed: 2 additions & 2 deletions
@@ -24,9 +24,9 @@
2424
author = 'The OVAL community with notable contributions by David Ries (jovalcm.com), Adam Montville (cisecurity.org), and Bill Munyan (cisecurity.org).'
2525

2626
# The short X.Y version
27-
version = '5.12'
27+
version = '6.0'
2828
# The full version, including alpha/beta/rc tags
29-
release = '5.12'
29+
release = '6.0'
3030

3131

3232
# -- General configuration ---------------------------------------------------

guidelines/getting-started.rst

Lines changed: 109 additions & 103 deletions
@@ -76,103 +76,107 @@ variables
7676
Variables provide a way to group one or more values for consistent reference within other OVAL content.
7777
|
7878
79-
An Annotated Sample
79+
Sample Definition (OVAL 6.0 encapsulated style)
80+
tests, objects, states and variables are encapsulated within the OVAL definition. This makes for much easier to read defintions, and much more portable content, you can copy a defintion from one content file to another.
8081
-------------------
81-
82-
Below is a sample OVAL definition file::
83-
84-
<?xml version="1.0" encoding="UTF-8"?>
85-
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd">
86-
<generator>
87-
<!--
88-
The generator element provides metadata about the tool/application used to develop the OVAL Content.
89-
-->
90-
<oval:schema_version>5.11.2</oval:schema_version>
91-
<oval:timestamp>2018-07-31T17:30:20</oval:timestamp>
92-
</generator>
93-
94-
<definitions>
95-
<!--
96-
The definitions element contains the OVAL definition(s) to be exchanged.
97-
-->
98-
<definition class="compliance" id="oval:org.oval-community.example:def:1" version="1">
99-
<!--
100-
This definition checks compliance.
101-
-->
102-
<metadata>
103-
<!--
104-
The metadata element contains information about the definition, including its title and description. This definition checks whether WinRM traffic is encrypted or not.
105-
-->
106-
<title>WinRM Traffic Must be Encrypted</title>
107-
<affected family="windows">
108-
<platform>Microsoft Windows Server 2016</platform>
109-
</affected>
110-
<reference ref_id="CCE-46378-6" ref_url="http://cce.mitre.org" source="CCE"/>
111-
<description>The Windows Remote Management (WinRM) client must not allow unencrypted traffic.</description>
112-
</metadata>
113-
<notes>
114-
<note>This sample was based on an OVAL definition included in the Windows Server 2016 STIG available at https://iase.disa.mil/ </note>
115-
</notes>
116-
criteria operator="AND">
117-
<!--
118-
The criteria element specifies the assertion to be tested using information gathered from the endpoint.
119-
-->
120-
<criterion comment="Verifies 'WinRM Client: Allow unencrypted traffic' is set to 'Disabled'" test_ref="oval:org.oval-community.example:tst:1"/>\
121-
<!--
122-
The criterion elements define logical terms in the assertion. This criteria only uses 1 criterion element to check if 'WinRM Client: Allow unencrypted traffic' is set to 'Disabled'.
123-
124-
By default, the truth values returned by the tests are AND'ed to determine the truth value of the assertion.
125-
-->
126-
</criteria>
127-
</definition>
128-
</definitions>
129-
130-
<tests>
131-
<!--
132-
The tests element contains the OVAL Test(s). OVAL Tests specify what to search for on an endpoint (i.e., objects) and what is expected to be found (i.e., states).
133-
134-
The registry_test is used to check information in the Windows registry.
135-
-->
136-
<registry_test check="all" check_existence="at_least_one_exists" comment="WinRM Client: Allow unencrypted traffic is set to 'Disabled'" id="oval:org.oval-community.example:tst:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
137-
<!--
138-
This registry_test checks that 'Allow unencrypted traffic' is set to 'Disabled'.
139-
-->
140-
<object object_ref="oval:org.oval-community.example:obj:1"/>
141-
<state state_ref="oval:org.oval-community.example:ste:1"/>
142-
</registry_test>
143-
</tests>
144-
145-
<objects>
146-
<!--
147-
The objects element contains the OVAL Object(s).
148-
149-
The registry_object is used to search for information in the Windows registry.
150-
-->
151-
<registry_object comment="WinRM Cl ient: AllowUnencryptedTraffic registry key" id="oval:org.oval-community.example:obj:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
152-
<!--
153-
This registry_object specifies that the registry key containing the policy definition for 'WinRM Client: Allow unencrypted traffic' should be checked.
154-
-->
155-
<hive datatype="string" operation="equals">HKEY_LOCAL_MACHINE</hive>
156-
<key datatype="string" operation="equals">Software\Policies\Microsoft\Windows\WinRM\Client</key>
157-
<name datatype="string" operation="equals">AllowUnencryptedTraffic</name>
158-
</registry_object>
159-
</objects>
160-
161-
<states>
162-
<!--
163-
The states element contains the OVAL State(s).
164-
165-
The registry_state is used to describe information expected to be found in the Windows registry.
166-
-->
167-
<registry_state comment="Reg_Dword equals 0" id="oval:org.oval-community.example:ste:1" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
168-
<type>reg_dword</type>
169-
<!--
170-
This registry_state specifies that an integer matching '0' is expected to be found in the registry.
171-
-->
172-
<value datatype="int" operation="equals">0</value>
173-
</registry_state>
174-
</states>
175-
82+
<snippet>
83+
<content><![CDATA[
84+
.. code-block:: ${1:type}
85+
:linenos:
86+
87+
<oval_definitions xmlns="urn:oval:v6:definitions"
88+
xmlns:independent-def="urn:oval:v6:definitions:independent"
89+
xmlns:win-def="urn:oval:v6:definitions:windows"
90+
xmlns:oval="urn:oval:v6:common"
91+
xmlns:oval-def="urn:oval:v6:definitions"
92+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
93+
94+
xsi:schemaLocation="urn:oval:v6:definitions https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/oval-definitions-schema.xsd
95+
urn:oval:v6:common https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/oval-common-schema.xsd
96+
urn:oval:v6:definitions:windows https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/windows-definitions-schema.xsd
97+
urn:oval:v6:definitions:independent https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/independent-definitions-schema.xsd">
98+
<generator>
99+
<oval:product_name>A human being</oval:product_name>
100+
<oval:schema_version>6.0</oval:schema_version>
101+
<oval:timestamp>2024-12-13T17:30:20</oval:timestamp>
102+
</generator>
103+
<definitions>
104+
<encapsulated_definition id="oval:oval-community:def:1" version="2" class="inventory">
105+
<metadata>
106+
<title>Windows is installed</title>
107+
<description>Computer is in the windows family</description>
108+
</metadata>
109+
<criteria>
110+
<criterion test_ref="oval:oval-community:tst:1" comment="The installed operating system belongs to the Microsoft Windows family" />
111+
</criteria>
112+
<tests>
113+
<family_test xmlns="urn:oval:v6:definitions:independent" id="oval:oval-community:tst:1" version="1" check="all" comment="The installed operating system belongs to the Microsoft Windows family">
114+
<object object_ref="oval:oval-community:obj:1" />
115+
<state state_ref="oval:oval-community:ste:1" />
116+
</family_test>
117+
</tests>
118+
<objects>
119+
<family_object xmlns="urn:oval:v6:definitions:independent" id="oval:oval-community:obj:1" version="1" comment="OS family" />
120+
</objects>
121+
<states>
122+
<family_state xmlns="urn:oval:v6:definitions:independent" id="oval:oval-community:ste:1" version="1" comment="Microsoft Windows family">
123+
<family>windows</family>
124+
</family_state>
125+
</states>
126+
</encapsulated_definition>
127+
</definitions>
128+
</oval_definitions>
129+
130+
131+
Sample OVAL 6.0 definition file (non-encapsulated style)
132+
This style has separate silos of data for definitions, tests, objects, states, variables. This makes for easy sharing of existing tests, objects, states, variables within a single file, but can make the file very hard to read/understand/maintain. It also makes it very challenging to copy a definition from one file to another.
133+
-------------------
134+
<snippet>
135+
<content><![CDATA[
136+
.. code-block:: ${1:type}
137+
:linenos:
138+
139+
<oval_definitions xmlns="urn:oval:v6:definitions"
140+
xmlns:independent-def="urn:oval:v6:definitions:independent"
141+
xmlns:win-def="urn:oval:v6:definitions:windows"
142+
xmlns:oval="urn:oval:v6:common"
143+
xmlns:oval-def="urn:oval:v6:definitions"
144+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
145+
146+
xsi:schemaLocation="urn:oval:v6:definitions https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/oval-definitions-schema.xsd
147+
urn:oval:v6:common https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/oval-common-schema.xsd
148+
urn:oval:v6:definitions:windows https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/windows-definitions-schema.xsd
149+
urn:oval:v6:definitions:independent https://raw.githubusercontent.com/OVAL-Community/OVAL/refs/heads/6.0_release/oval-schemas/independent-definitions-schema.xsd">
150+
<generator>
151+
<oval:product_name>A human being</oval:product_name>
152+
<oval:schema_version>6.0</oval:schema_version>
153+
<oval:timestamp>2024-12-13T17:30:20</oval:timestamp>
154+
</generator>
155+
<definitions>
156+
<definition id="oval:oval-community:def:1" version="2" class="inventory">
157+
<metadata>
158+
<title>Windows is installed</title>
159+
<description>Computer is in the windows family</description>
160+
</metadata>
161+
<criteria>
162+
<criterion test_ref="oval:oval-community:tst:1" comment="The installed operating system belongs to the Microsoft Windows family" />
163+
</criteria>
164+
</definition>
165+
</definitions>
166+
<tests>
167+
<family_test xmlns="urn:oval:v6:definitions:independent" id="oval:oval-community:tst:1" version="1" check="all" comment="The installed operating system belongs to the Microsoft Windows family">
168+
<object object_ref="oval:oval-community:obj:1" />
169+
<state state_ref="oval:oval-community:ste:1" />
170+
</family_test>
171+
</tests>
172+
<objects>
173+
<family_object xmlns="urn:oval:v6:definitions:independent" id="oval:oval-community:obj:1" version="1" comment="OS family" />
174+
</objects>
175+
<states>
176+
<family_state xmlns="urn:oval:v6:definitions:independent" id="oval:oval-community:ste:1" version="1" comment="Microsoft Windows family">
177+
<family>windows</family>
178+
</family_state>
179+
</states>
176180
</oval_definitions>
177181

178182

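Review bot: Both new sample blocks (new lines 82-85 and 134-137) still carry an unexpanded editor snippet template: `<snippet>`, `<content><![CDATA[` and `.. code-block:: ${1:type}` are not closed or filled in anywhere in the visible lines, so they will show up as literal text and the directive has no valid language. Drop the wrapper lines and use `.. code-block:: xml`. Both new titles (lines 79 and 131) are followed by a paragraph and only then by the `-------------------` underline, so the underline no longer sits under the title; move each paragraph below the underline and lengthen the underline to cover the title. `xsi:schemaLocation` points at `refs/heads/6.0_release` on raw.githubusercontent.com, a branch head that can change after publication; a release tag, or the plain `.xsd` file names the removed sample used, would give readers a fixed schema to validate against. The explanatory comments of the removed sample have no counterpart in the new ones, and "defintions"/"defintion" on line 80 needs a spelling fix.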
@@ -215,18 +219,20 @@ XCCDF
215219
The `eXtensible Configuration Checklist Description Format <https://csrc.nist.gov/projects/security-content-automation-protocol/scap-specifications/xccdf>`_ language describes security checklists. Documents in this format may reference OVAL components or documents, as well as ones from other standards, creating a portable and flexible checklist.
216220
|
217221
218-
SCE
219-
The `Script Check Engine <https://www.open-scap.org/features/other-standards/sce/>`_ complements OVAL with scripts that check things that OVAL cannot or does not. SCE results files are created as an XML. By using XLST transformations, OVAL and SCE results can be aggregated into a single HTML file or PDF document.
220-
|
221-
222222
CPE
223223
The `Common Platform Enumeration <https://cpe.mitre.org/specification/>`_ provides a standard naming scheme for IT platforms and systems. OVAL uses it to consistently identify the target platforms of checks and definitions.
224224
|
225225
226-
Datastreams
227-
**Datastream** is a format that consolidates multiple SCAP components into a single file (including OVAL).
226+
OCIL
227+
The `Open Checklist Interactive Language <https://csrc.nist.gov/Projects/Security-Content-Automation-Protocol/Specifications/ocil>`_ provides a method for interviewing the end user to answer test that cannot be automated.
228+
|
229+
230+
SCAP Datastreams
231+
The 'SCAP Datastream <https://csrc.nist.gov/projects/security-content-automation-protocol/scap-releases/scap-1-3>`_ is a format that consolidates multiple SCAP components into a single file (including OVAL).
232+
|
228233
229-
**ARF**, or the **Asset Reporting Format**, is also called Result Datastream. It consolidates multiple results files into one.
234+
ARF
235+
The `Asset Reporting Format <https://csrc.nist.gov/Projects/Security-Content-Automation-Protocol/Specifications/arf>`_ , is also called Result Datastream. It consolidates multiple results files into one.
230236
|
231237
232238
Next Steps
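
Review bot: The SCAP Datastreams entry on new line 231 opens its link with a single quote (') where reStructuredText needs a backtick, so the hyperlink will not render; change the leading quote to a backtick to match the OCIL and ARF entries. On line 227, "to answer test that cannot be automated" should read "tests". On line 235 there is a stray space and comma between the link and "is also called Result Datastream". The SCE entry is removed with no replacement pointer; if that is intentional, it is worth a line in the 6.0 change list.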

guidelines/index.rst

Lines changed: 11 additions & 2 deletions
@@ -5,12 +5,15 @@
55
66
.. _welcome-to-the-guidelines:
77

8-
The OVAL Community Version 5.12 Documenation
8+
The OVAL Community Version 6.0 Documenation
99
=========================================
1010

1111
Welcome to the guidelines for OVAL, the Open Vulnerability and Assessment Language. These guidelines are designed to explain everything you need to know to start contributing to OVAL (or link you to places to ask questions, should the explanations not suffice), as well as provide a variety of standards and resources to the community.
1212

13-
If you are looking for documentation for OVAL version 5.11.2, please visit: https://oval-community-guidelines.readthedocs.io/en/5.11.2_release/
13+
If you are looking for documentation for documentation on previous versions of OVAL
14+
15+
* OVAL version 5.12: https://oval-community-guidelines.readthedocs.io/en/5.12_release/
16+
* OVAL version 5.11.2: https://oval-community-guidelines.readthedocs.io/en/5.11.2_release/
1417

1518
**Notice:**
1619

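Review bot: New line 13 repeats itself and has no terminating punctuation before the list: "If you are looking for documentation for documentation on previous versions of OVAL" should read along the lines of "If you are looking for documentation on previous versions of OVAL:". The title on line 8 keeps the existing misspelling "Documenation"; since the line is being changed anyway, correct it to "Documentation" and check that the `=` underline still covers the full title.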
@@ -24,6 +27,12 @@ What is OVAL?
2427

2528
OVAL is an open language built by security experts, system administrators, and software developers to universalize assessment and reporting on the state of computer systems.
2629

30+
What changed in version 6.0?
31+
--------------------------
32+
* Removed all deprecated items from OVAL 5.12, in order to substantially decrease the size/complexity of the language. This was accomplished without removing any functionality from currently published SCAP/OVAL content. 139 different OVAL deprecated tests were removed from 5.12 to 6.0, along with several entire platforms.
33+
* Added the concept of an 'encapsulated definition', which allows for OVAL definition files to have a new element called 'encapsulated_definition', which contains all of the tests, objects, states and variables needed to perform the given defintion. This was added to allow content to be easier to write, maintain, and merge with other files.
34+
* Added new schemas for Vmware ESX and Kubernetes
35+
2736
Who is the OVAL Community?
2837
--------------------------
2938

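Review bot: The first bullet (new line 32) says 139 deprecated tests and "several entire platforms" were removed but names none of them; content authors need that list to check whether their existing definitions still validate against 6.0, so link to it or enumerate the removed platforms here. The `--------------------------` underline on line 31 matches the one under "Who is the OVAL Community?" and appears shorter than the new, longer title, which Sphinx reports as a title underline that is too short. Spelling: "defintion" on line 33 and "Vmware" (VMware) on line 34.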