Introduction to OVAL to
SACM Info Model Paper
Matt Hansbury
Danny Haynes
May 12, 2015
Open Vulnerability and Assessment Language
• OVAL is an XML-based language for encoding details about how to assess the state of an endpoint.
• Founded in 2002 as a community-driven effort
• Operated by the MITRE Corporation on behalf of DHS
• OVAL is widely adopted
  • Supported by 45 organizations, with 63 products and services, across 13 countries (lots of running code)
  • Defined as the primary checking language for the Security Content Automation Protocol (SCAP)
• IPR Considerations
  • MITRE holds trademark and copyright for OVAL, on behalf of the U.S. Department of Homeland Security (DHS)
  • DHS and MITRE are currently working on resolving
Paper Overview
• Many SACM IM components are aligned with OVAL data models
• The paper maps each of the relevant components from the IM into the appropriate data model provided by OVAL
• Concrete recommendations, based on 10+ years of experience in endpoint assessment, are provided as a way forward
• Finally, the paper discusses a set of relevant lessons learned through the long-running effort, along with takeaways for the SACM WG
Key Recommendations
• Use the OVAL System Characteristics Model for data collection
  • Models operating-system-level constructs
  • Some modifications and/or extensions will be needed, but it could serve as a starting point
• Use the OVAL Definitions Model for Evaluation and Collection Guidance
  • Encodes both Collection and Evaluation Guidance in a single model
  • Some effort will be required to de-couple the components, but it may serve as a starting point
• Do NOT use the OVAL Results Model for assessment results
  • Never quite satisfied the community’s need for granularity or ease of use
Key Lessons Learned
• Simplicity is Key
  • Ensure that the diversity of the information to be shared fits with the types of organizations that must share it
  • De-couple Collection and Evaluation
• Empower Subject Matter Experts (SMEs)
  • Primary source vendors and other SMEs know best
  • Provide them with the means to convey that knowledge easily and effectively
• Carrots Work Better than Sticks
  • Rely on solid business reasons that drive vendors to adopt rather than regulatory mandates
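The de-coupling that both the Definitions Model recommendation and the "De-couple Collection and Evaluation" lesson call for, shown as an added Python example (not from the paper and not OVAL's own tooling): it reads one Definitions document and separates the collection guidance (the objects a collector must gather) from the evaluation guidance (the tests and the state values they expect). It assumes the standard OVAL 5.x Definitions namespaces and a constructed minimal document; the ids and the sshd_config check are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces from the OVAL Definitions schema (5.x); "ind" is the independent component schema.
NS = {"oval": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
      "ind": "http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"}

# Constructed minimal Definitions document (metadata omitted): one definition -> one test.
# <objects> says WHAT to gather from the endpoint; <tests>/<states> say how to JUDGE it.
OVAL_XML = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
  xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <definitions><definition id="oval:ex:def:1" version="1" class="compliance">
    <criteria><criterion test_ref="oval:ex:tst:1"/></criteria></definition></definitions>
  <tests><ind:textfilecontent54_test id="oval:ex:tst:1" version="1" check="all"
      comment="sshd_config sets PermitRootLogin to no">
    <ind:object object_ref="oval:ex:obj:1"/><ind:state state_ref="oval:ex:ste:1"/>
  </ind:textfilecontent54_test></tests>
  <objects><ind:textfilecontent54_object id="oval:ex:obj:1" version="1">
    <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
    <ind:pattern operation="pattern match">^PermitRootLogin\\s+(\\S+)</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object></objects>
  <states><ind:textfilecontent54_state id="oval:ex:ste:1" version="1">
    <ind:subexpression>no</ind:subexpression>
  </ind:textfilecontent54_state></states>
</oval_definitions>"""

def _local(tag):
    """Strip the {namespace} prefix that ElementTree puts on every tag name."""
    return tag.rsplit("}", 1)[-1]

def decouple(xml_text):
    """Split one Definitions document into collection guidance (objects only) and
    evaluation guidance (each test with the state values it expects)."""
    root = ET.fromstring(xml_text)
    objects = {o.get("id"): {_local(c.tag): c.text for c in o}
               for o in root.find("oval:objects", NS)}
    states = {s.get("id"): {_local(c.tag): c.text for c in s}
              for s in root.find("oval:states", NS)}
    evaluation = {}
    for test in root.find("oval:tests", NS):
        obj_ref = next(c.get("object_ref") for c in test if _local(c.tag) == "object")
        ste_refs = [c.get("state_ref") for c in test if _local(c.tag) == "state"]
        evaluation[test.get("id")] = {"object_ref": obj_ref, "check": test.get("check"),
                                      "expected": [states[r] for r in ste_refs]}
    # A collector needs only `objects`; the pass/fail criteria never leave the evaluator.
    return objects, evaluation

if __name__ == "__main__":
    print(*decouple(OVAL_XML), sep="\n")
```

The collector half carries no expected values, so a sensor can be shipped the object section alone while the evaluator keeps the criteria, which is the separation the lesson above asks for.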
Next Steps
• Continue discussion on SACM mailing list
• Revise document based on feedback
• Consider implications of IPR and related issues
• Plan out schedule for contribution of actual OVAL data models
Resources
• OVAL Web Site
• OVAL and the SACM Information Model
• Security Content Automation Protocol (SCAP)