|
|
         |
 |
         |
|
|
|
CIS Support of the XCCDF/OVAL Editor Project The CIS NG Scoring Tool reads CIS Benchmark recommendations expressed in XCCDF format and configuration checks expressed in XML based on OVAL. By leveraging these standards we help ensure that the content the CIS community creates can be used by commercial security tool vendors and end users. The XCCDF/OVAL Editor will enable all end users to create and modify XCCDF/OVAL content. In addition, it will enable CIS Members to alter CIS Benchmark content to suit their local environments and use the Member's version of the CIS NG Scoring Tool to compare the configuration of their systems with those customized configuration policies. The customized content can then also be used in commercial XCCDF/OVAL-compliant configuration management tools. We view this standardization as a key aspect of effective security configuration management. In the absence of standardization, each tool vendor must provide and/or convert content into proprietary formats. This conversion may result in configuration information being lost or altered in a way that changes the intent of the technical control recommendation. By agreeing to use open standards, CIS, end users and vendors can make use of the same content to help ensure that this doesn't occur. Links: XCCDF: http://checklists.nist.gov/xccdf.html OVAL: http://oval.mitre.org | |
|
 |
|
|
|
 |