How to create a custom SCAP policy
You need a Security Content Automation Protocol (SCAP) policy to evaluate hosts for SCAP compliance. SCAP content is compliant with SCAP 1.0 and 1.2 specifications that the National Institute of Standards and Technology (NIST) has defined.
Tell me about user permissions
The SCAP application must be enabled for the subscription. Managers and Auditors have permissions to create and edit SCAP policies.
How to create a policy with SCAP 1.2 content
SCAP 1.2 content consists of a single file: SCAP source data stream collection.
To create a policy with SCAP 1.2 content:
- Go to PA > Policies and select New > SCAP Policy.
- Select the SCAP version 1.2 option and then browse to the data stream collection file.
- Click Next, and we perform schema validation.
- Resolve any content errors reported online.
After passing schema validation, you can see the SCAP benchmark details.
- In the drop-down lists, select the source data stream ID, benchmark ID, and profile title (that corresponds to the profile ID) intended for evaluation.
Once you save your policy, you cannot modify these selections. You can, however, create new policies with different selections.
- When you finish making your selections, click Create to save your new policy.
A policy is saved with the type SCAP.
How to create a policy with SCAP 1.1/1.0 content
SCAP 1.1/1.0 content consists of the following files: XCCDF Content, CPE OVAL Definitions, CPE 2.0 Dictionary, OVAL Compliance Definitions. The file OVAL Patch Definitions is optional.
To create a policy with SCAP 1.1/1.0 content:
- Go to PA > Policies and select New > SCAP Policy.
- Select the SCAP version 1.1/1.0 option and then select the XCCDF content file plus additional data files.
- Click Next and we perform schema validation.
- Resolve any content errors reported online.
- Once you pass schema validation, select a SCAP benchmark. You can customize the details if you want.
- Click Create to save your new policy.
A policy is saved with the type SCAP.
How to create a policy with OVAL content
To create a policy with OVAL content:
- Go to PA > Policies and select New > SCAP Policy.
- Select the Custom OVAL definitions & external variables option and then select the content to be uploaded.
- Select an OVAL definition file and optionally an OVAL external variable file.
- Click Next.
The benchmark is automatically generated for your policy.
- Click Create to save your new policy.
A policy is saved with the type OVAL.
How to assign assets to your policy
You should assign assets to your policy at this time. These are the hosts you want to scan against this policy. Be sure to assign relevant hosts (for example, assign Windows 7 hosts to a Windows 7 policy).
At least one asset group must be assigned to the policy for scanning.
Looking for something else?
Is my new policy ready to use?
Once your policy is available in your list and you have assigned assets to it, you are ready to start scanning. When you launch a SCAP scan, you can select the policy from the SCAP Policy menu. To view policy information, select Info from the Quick Actions menu.
Tell me about Schematron Validation
If you are using SCAP 1.0, you can have the service perform Schematron validation in addition to schema validation. We recommend this validation unless you have already performed it using another tool. Note that it increases the time it takes to validate the policy content files.
Are there policies I can import?
Yes. You can import a policy that meets the NIST standards.
Select a policy from your policies list and check out the preview pane. You can see the generated date (when the content was originally created/officially published) and the last updated date (when the policy was created/modified).