Statement of OVAL Implementation

The SCAP application uses the Open Vulnerability Assessment Language (OVAL) to define and test system vulnerabilities, patches and configuration values. OVAL content consists of configuration and patch definitions. The SCAP application supports the OVAL schema and will support subsequent versions. Users can import custom OVAL content into their account through the user interface for evaluation. The SCAP application interprets OVAL definitions using the OVAL Definition Interpreter, executes scans remotely against target machines, and returns the OVAL test results for evaluation against XCCDF checklists and benchmarks.

After the remote scan completes successfully, users can run SCAP compliance reports that identify OVAL references, including the definition of the actual tests executed, the objects and variables used, the OVAL state, the expected data types and values, and the OVAL test results for OVAL definitions and test references.

The SCAP Policy XML Report is an XCCDF result document which adheres to the XCCDF specification. The Policy XML Report constrains the portion of the XCCDF specification dealing with XCCDF test results. The <check> element, a child of the <Rule> element, holds the OVAL specification for the rule.
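The following is an added example, not code or output from the SCAP application: a short Python reader that walks an XCCDF document, picks out each <Rule> whose <check> child points at OVAL content, and pairs it with the rule's result from the test-result portion. It goes slightly beyond the text by joining on <rule-result>; the sample document, its ids and its file names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard check-system URI that marks an XCCDF <check> as OVAL 5.x content.
OVAL_SYSTEM = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

# Constructed sample (hypothetical ids and file names), not SCAP application output.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
 <Group id="xccdf_org.example_group_accounts">
  <Rule id="xccdf_org.example_rule_min_password_length">
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <check-content-ref href="example-oval.xml" name="oval:org.example:def:1"/>
   </check>
  </Rule>
  <Rule id="xccdf_org.example_rule_manual_review">
   <check system="http://scap.nist.gov/schema/ocil/2">
    <check-content-ref href="example-ocil.xml" name="ocil:org.example:questionnaire:1"/>
   </check>
  </Rule>
 </Group>
 <TestResult id="xccdf_org.example_testresult_1">
  <rule-result idref="xccdf_org.example_rule_min_password_length"><result>fail</result></rule-result>
  <rule-result idref="xccdf_org.example_rule_manual_review"><result>notchecked</result></rule-result>
 </TestResult>
</Benchmark>"""

def local(tag):
    """Drop the namespace so XCCDF 1.1 and 1.2 documents parse alike."""
    return tag.rsplit("}", 1)[-1]

def oval_checks(xccdf_text):
    """Return (rule id, OVAL file, OVAL definition id, result) for each OVAL-backed Rule."""
    # Fine for this trusted sample; use a hardened parser (e.g. defusedxml) for imported content.
    root = ET.fromstring(xccdf_text)
    results = {}
    for rr in (e for e in root.iter() if local(e.tag) == "rule-result"):
        results[rr.get("idref")] = next((c.text for c in rr if local(c.tag) == "result"), None)
    rows = []
    for rule in (e for e in root.iter() if local(e.tag) == "Rule"):
        # Only direct <check> children of <Rule> whose system attribute is OVAL.
        for check in (c for c in rule
                      if local(c.tag) == "check" and c.get("system") == OVAL_SYSTEM):
            for ref in (r for r in check if local(r.tag) == "check-content-ref"):
                rows.append((rule.get("id"), ref.get("href"),
                             ref.get("name"), results.get(rule.get("id"))))
    return rows

if __name__ == "__main__":
    print(*oval_checks(SAMPLE), sep="\n")
```

Rules whose check uses another check system, such as the second rule in the sample, are skipped, so the output lists only the OVAL definitions a reviewer would need to trace back to the OVAL test results.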

The evidence section in the SCAP Individual Host Report and the SCAP Rule Pass/Fail Report includes OVAL information when evidence is requested in the report setup. The evidence content for each rule is displayed in a tree-like structure with nodes that represent the logic of the rule and the scan tests performed on each host.