none
SCM SCAP template will not validate using NIST SCAP validation tool RRS feed

  • Question

  • New to SCAP files and the SCM tool and am trying to use the SCM templates per NIST requirements for Federal Government.

    Using SCM I imported the baseline for WS08-R2.

    I exported the WS08-R2 with no changes to an SCAP format from SCM. I then extract the 4 files from the .cab format and place them in a .zip format. As far as I can tell, the NIST validation tool requires a .zip file.

    I then ran the NIST SCAP validation tool (V. 1.1.2.1) against the SCAP file and receive multiple errors and warnings.
    command: scapval -file ws08r2-ec-member-server_scap.zip -usecase CONFIGURATION -result ws08-r2-test.xml -online -debug -datastream ws08-r2-test-datastream.xml > ws08-r2-test-output.txt

    I also ran the NIST SCAP validation tool (V. 1.1.2.2) against the SCAP file and receive the same multiple errors and warnings.
    command: scapval -file ws08r2-ec-member-server_scap.zip -scapversion 1.0 -usecase CONFIGURATION -result ws08-r2-test.xml -online -debug -datastream ws08-r2-test-datastream.xml > ws08-r2-test-output.txt

    Errors and warnings listed below.

    Any help with resolving this would be appreciated.

    Thanks ---

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Multiple Errors: "Content failed validation against MITRE OVAL schematron validation. The specific error is: oval:microsoft.com:ste:97 - operation attribute for the credential_validation entity of an auditeventpolicysubcategories_state should be 'equals', or 'not equal."

    Multiple Errors: "All a)rules in all XCCDF documents that do not have a @weight attribute shall be considered in error; and b) rules in all XCCDF documents whose @weight attribute value is anything but "10.0" shall be considered in error."

    Single Error: "Validate that the data sources asserted represent an SCAP Configuration verification are consistent with the specification in Table 5.1 of NIST Sp 800-126."

    Single Error: "For every rule selected in every XCCDF document used in SCAP configuration verification whose CCE reference does not match the CCE reference in the corresponding OVAL definition, flag an error, continue processing, mark content as not valid."

    Single Error: "All rules in SCAP XCCDF documents used for configuration verification that contain references to specific OVAL definitions that are not of the compliance class shall be considered to be in error. "

    Multiple Warnings: "For all a) XCCDF documents, verify the existence of a valid CPE, and if not found, the content shall be considered to be in error; b) XCCDF documents, if any CPEs other than the one located above are specified, and if not, the content shall be considered to be in error; and c)XCCDF documents if the CPE name referenced is deprecated, flag as an warning indicating that the more current CPE name should be used."

    Multiple Warnings: "CCE-10746-6 - Generate a warning for all CCE references that are not in the Official CCE dictionary."

    Single Warning: "For all a)XCCDF documents that do not contain the <xccdf:metadata> element, flag as a warning; and b) XCCDF documents that do contain the <xccdf:metadata> element and whose contents are not consistent with the Dublin Core terms flag as a warning."

    Single Warning: "For all XCCDF documents, if a value other than "en-US" is specified, a warning will be generated because not all SCAP-compliant tools can necessarily process information in other languages/encodings. Clearer guidance on this issue is expected in 800-126 v1.1."

     

    Tuesday, January 18, 2011 2:22 PM

All replies