Problem

Solution

DataStream collection files are now available as part of the XCCDF+OVAL export option while tailoring!

What is a DataStream?

A DataStream collection file is an SCAP standard format. It’s helpful to understand the various SCAP components first, per https://www.open-scap.org/features/scap-components/

XCCDF.xml - The XCCDF acronym stands for Extensible Configuration Checklist Description Format. As the name suggests, the language is used to describe security checklists. These files contain benchmark recommendations

OVAL.xml - The OVAL acronym stands for Open Vulnerability and Assessment Language. OVAL is declarative language for making logical assertions about the state of system. These files work in conjunction with the xccdf.xml to help define what is collected from the system using standard OVAL.

CPE-OVAL.xml and CPE-DICTIONARY.xml - The Common Platform Enumeration (CPE) serves to identify IT platforms and systems using unequivocally defined names. These files exist for only specific platform benchmarks and they help the assessment tool check if the target platform is right for the benchmark. If it isn't, the assessment may give a warning or produce no results.

SCE - The Script Check Engine: SCAP extension to allow script execution from SCAP policy. It allows you to make your scripts interoperable with your security policy. This directory exists only if a specific benchmark references attached scripts. The referenced scripts are included in the CIS-CAT Pro Assessor Bundle in the SCE folder.

COLLECTION.xml – This is a DataStream file! and it is a format that packs these other SCAP components, above, into a single file. Think, XCCDF, OVAL, CPE and SCE all in one place.

Keywords; DataStream OVAL SCE XCCDF Data Stream

Content by Label