Introduction to OVAL to SACM Info Model Paper
Matt Hansbury, Danny Haynes
May 12, 2015
Open Vulnerability and Assessment Language
- OVAL is an XML-based language for encoding details about how to assess the state of an endpoint.
  - Founded in 2002 as a community-driven effort
  - Operated by the MITRE Corporation on behalf of DHS
- OVAL is widely adopted
  - Supported by 45 organizations, with 63 products and services, across 13 countries (lots of running code)
  - Defined as the primary checking language for the Security Content Automation Protocol (SCAP)
- IPR Considerations
  - MITRE holds trademark and copyright for OVAL, on behalf of the U.S. Department of Homeland Security (DHS)
  - DHS and MITRE are currently working on resolving
Paper Overview
Map existing OVAL Language structures into any appropriate components defined by the SACM Information Model (IM), make specific concrete recommendations for the Working Group, and provide relevant lessons learned
- Many SACM IM components are aligned with OVAL data models
- The paper maps each of the relevant components from the IM into the appropriate data model provided by OVAL
- Concrete recommendations, based on 10+ years of experience in endpoint assessment, are provided as a way forward
- Finally, the paper discusses a set of relevant lessons learned through the long-running effort, along with takeaways for the SACM WG
Key Recommendations
- Use the OVAL System Characteristics Model for data collection
  - Models operating system level constructs
  - Some modifications and/or extensions will be needed, but it could serve as a starting point
- Use the OVAL Definitions Model for Evaluation and Collection Guidance
  - Encodes both Collection and Evaluation Guidance in a single model
  - Some effort will be required to de-couple the components, but it may serve as a starting point
- Do NOT use the OVAL Results Model for assessment results
  - Never quite satisfied the community's need for granularity or ease of use
Key Lessons Learned
- Simplicity is Key
  - Ensure that the diversity of the information to be shared fits with the types of organizations that must share it
- De-couple Collection and Evaluation
- Empower Subject Matter Experts (SMEs)
  - Primary source vendors and other SMEs know best
  - Provide them the means to easily and effectively convey how to do so
- Carrots Work Better than Sticks
  - Rely on solid business reasons that drive vendors to adopt rather than regulatory mandates
Next Steps
- Continue discussion on SACM mailing list
- Revise document based on feedback
- Consider implications of IPR and related issues
- Plan out schedule for contribution of actual OVAL data models
Resources
- OVAL Web Site
- OVAL and the SACM Information Model
- Security Content Automation Protocol (SCAP)