@slayerlab
Last active August 14, 2018 18:32
List of items used in SCAP and OpenSCAP

Items common to SCAP and OpenSCAP

  • Open Vulnerability Assessment Language (OVAL) -- SCAP and OpenSCAP
  • Asset Reporting Format (ARF) -- SCAP and OpenSCAP
  • Extensible Configuration Checklist Description Format (XCCDF) -- SCAP and OpenSCAP
  • Common Vulnerability Exposures (CVE) -- SCAP and OpenSCAP
  • Common Platform Enumeration (CPE) -- SCAP and OpenSCAP
  • Common Weakness Enumeration (CWE) -- SCAP and OpenSCAP
  • DataStream -- OpenSCAP -> This was introduced in SCAP 1.2. To understand what the OpenSCAP "DataStream" is: imagine an XCCDF file that links to OVAL and, within it, links to information about the vulnerable platforms (CPE). This interlinked file can be called a "DataStream". It is not part of SCAP, only of OpenSCAP.

Below are the items used only in SCAP, NIST.gov:

  • Open Checklist Interactive List (OCIL) -- SCAP
  • Common Configuration Enumeration (CCE) -- SCAP
  • Common Configuration Scoring System (CCSS) -- SCAP
  • Software Identification (SWID) -- SCAP
  • Common Vulnerability Scoring System (CVSS) -- SCAP
  • Trust Model for Security Automation Data (TMSAD) -- SCAP

  1. Language

| Item name | SCAP | OpenSCAP |
|---|---|---|
| Open Checklist Interactive List | YES | NO |
| Open Vulnerability Assessment Language | YES | YES |
| Extensible Configuration Checklist Description Format | YES | YES |
| DataStream | NO | YES |

  2. Reporting Formats

| Item name | SCAP | OpenSCAP |
|---|---|---|
| Asset Reporting Format | YES | NO |
| Asset Identification | YES | NO |

  3. Identification Schemes

| Item name | SCAP | OpenSCAP |
|---|---|---|
| Common Configuration Enumeration | YES | NO |
| Common Platform Enumeration | YES | YES |
| Common Vulnerability Exposures | YES | YES |
| Software Identification | YES | NO |

  4. Scoring System

| Item name | SCAP | OpenSCAP |
|---|---|---|
| Common Vulnerability Scoring System | YES | NO |
| Common Configuration Scoring System | YES | NO |

  5. Integrity

| Item name | SCAP | OpenSCAP |
|---|---|---|
| Trust Model for Security Automation Data | YES | NO |