Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to OVAL to SACM Info Model Paper

Published byStephen McGee Modified over 5 years ago

Similar presentations

Presentation on theme: "Introduction to OVAL to SACM Info Model Paper"— Presentation transcript:

1 Introduction to OVAL to SACM Info Model Paper
Matt Hansbury Danny Haynes May 12, 2015

2 Open Vulnerability and Assessment Language
OVAL is an XML-based language for encoding details about how to assess the state of endpoint. Founded in 2002 as a community-driven effort Operated by the MITRE Corporation on behalf of DHS OVAL is widely adopted Supported by 45 organizations, with 63 products and services, across 13 countries (lots of running code) Defined as the primary checking language for the Security Content Automation Protocol (SCAP) IPR Considerations MITRE holds trademark and copyright for OVAL, on behalf of the U.S. Department of Homeland Security (DHS) DHS and MITRE are currently working on resolving

3 Paper Overview Map existing OVAL Language structures into any appropriate components defined by the SACM Information Model (IM), make specific concrete recommendations for the Working Group, and provide relevant lessons learned Many SACM IM components are aligned with OVAL data models The paper maps each of the relevant components from the IM into the appropriate data model provided by OVAL Concrete recommendations, based on 10+ years of experience in endpoint assessment, are provided as a way forward Finally, the paper discusses a set of relevant lessons learned through the long running effort, along with takeaways for the SACM WG

4 Key Recommendations Use the OVAL System Characteristics Model for data collection Models operating system level constructs Some modifications and/or extensions will be needed, but, could serve as a starting point Use the OVAL Definitions Model for Evaluation and Collection Guidance Encodes both Collection and Evaluation Guidance in a single model Some effort will be required to de-couple the components, but, may serve as a starting point Do NOT use the OVAL Results Model for assessment results Never quite satisfied the community’s need for granularity or ease of use

5 Key Lessons Learned Simplicity is Key
Ensure that the diversity of the information to be shared fits with the types of organizations that must share it De-couple Collection and Evaluation Empower Subject Matter Experts (SMEs) Primary source vendors and other SMEs know best Provide them the means to easily and effectively convey how to do so Carrots Work Better than Sticks Rely on solid business reasons that drive vendors to adopt rather than regulatory mandates

6 Next Steps Continue discussion on SACM mailing list
Revise document based on feedback Consider implications of IPR and related issues Plan out schedule for contribution of actual OVAL data models

7 Resources OVAL Web Site OVAL and the SACM Information Model
Security Content Automation Protocol (SCAP)

Download ppt "Introduction to OVAL to SACM Info Model Paper"

Similar presentations

FEMA’s Guidelines and Standards Strategy ASFPM Conference May 23, 2012.

FEMA’s Guidelines and Standards Strategy ASFPM Conference May 23, 2012.
Document Number Here © 2006 The MITRE Corporation. All rights reserved. Holds and Diversions June 22, 2004.

Document Number Here © 2006 The MITRE Corporation. All rights reserved. Holds and Diversions June 22, 2004.
Query Health Business Working Group Kick-Off September 8, 2011.

Query Health Business Working Group Kick-Off September 8, 2011.
Northcentral University The Graduate School February 2014

Northcentral University The Graduate School February 2014
Copyright © 2004 by The Web Services Interoperability Organization (WS-I). All Rights Reserved 1 Interoperability: Ensuring the Success of Web Services.

Copyright © 2004 by The Web Services Interoperability Organization (WS-I). All Rights Reserved 1 Interoperability: Ensuring the Success of Web Services.
OpenSG Conformity IPRM Overview July 20, 2011. ITCA goals under the IPRM at a high level and in outline form these include: Organize the Test and Certification.

OpenSG Conformity IPRM Overview July 20, ITCA goals under the IPRM at a high level and in outline form these include: Organize the Test and Certification.
Terminology and Use Cases Status Report David Harrington IETF 88 – Nov 4 2013 Security Automation and Continuous Monitoring WG.

Terminology and Use Cases Status Report David Harrington IETF 88 – Nov Security Automation and Continuous Monitoring WG.
Security Automation May 26th, 2010. Security Automation: the challenge “Tower of Babel” – Too much proprietary, incompatible information – Costly – Error.

Security Automation May 26th, Security Automation: the challenge “Tower of Babel” – Too much proprietary, incompatible information – Costly – Error.
1 EARLY SAFETY MANAGEMENT OF PROJECTS AND EXPERIMENTS HSE UNIT PH DSO EDMS No 1136329.

1 EARLY SAFETY MANAGEMENT OF PROJECTS AND EXPERIMENTS HSE UNIT PH DSO EDMS No
Regular process for global reporting and assessment of the state of the marine environment, including socio-economic aspects Guidance for Authors.

Regular process for global reporting and assessment of the state of the marine environment, including socio-economic aspects Guidance for Authors.
RTI, MUMBAI / CH 61 REPORTING PROCESS DAY 6 SESSION NO.1 (THEORY ) BASED ON CHAPTER 6 PERFORMANCE AUDITING GUIDELINES.

RTI, MUMBAI / CH 61 REPORTING PROCESS DAY 6 SESSION NO.1 (THEORY ) BASED ON CHAPTER 6 PERFORMANCE AUDITING GUIDELINES.
Beach Modelling: Lessons Learnt from Past Scheme Performance Project: SC110004/S Project Summary.

Beach Modelling: Lessons Learnt from Past Scheme Performance Project: SC110004/S Project Summary.
Module 6: Business Application Software Audit Chapter 1: Business Application Software Audit 1.

Module 6: Business Application Software Audit Chapter 1: Business Application Software Audit 1.
May 12, 2015 Dan Romascanu Adam Montville

May 12, 2015 Dan Romascanu Adam Montville
Sample Fit-Gap Kick-off

Sample Fit-Gap Kick-off
SAMPLE Develop a Comprehensive Competency Framework

SAMPLE Develop a Comprehensive Competency Framework
OVAL and the SACM Information Model

OVAL and the SACM Information Model
Project Integration Management

Project Integration Management
Evaluating Genetically Modified Organisms

Evaluating Genetically Modified Organisms
ServiceNow Implementation Knowledge Management

ServiceNow Implementation Knowledge Management

Similar presentations

Ads by Google