Items common to SCAP and OpenSCAP
- Open Vulnerability Assessment Language (OVAL) -- SCAP and OpenSCAP
- Asset Reporting Format (ARF) -- SCAP and OpenSCAP
- Extensible Configuration Checklist Description Format (XCCDF) -- SCAP and OpenSCAP
- Common Vulnerability Exposures (CVE) -- SCAP and OpenSCAP
- Common Platform Enumeration (CPE) -- SCAP and OpenSCAP
- Common Weakness Enumeration (CWE) -- SCAP and OpenSCAP
- DataStream -- OpenSCAP -> This was introduced in SCAP 1.2. To understand what the OpenSCAP "DataStream" is: imagine an XCCDF file that is linked to OVAL and that, in turn, links to information about the vulnerable platforms (CPE). This interlinked file can be called a "DataStream". It is not part of SCAP, only of OpenSCAP.
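
The linkage described in the DataStream item, as an added example that is not code from the original page or from the OpenSCAP project: it walks a trimmed, constructed data stream and reports which kind of content (CPE, XCCDF, OVAL) each section points to, and which references point to nothing. The ids and the `map_datastream` function are hypothetical.

```python
import xml.etree.ElementTree as ET

DS = "http://scap.nist.gov/schema/scap/source/1.2"
XLINK = "http://www.w3.org/1999/xlink"
KINDS = {  # namespace of a component's payload -> content type
    "http://checklists.nist.gov/xccdf/1.2": "XCCDF",
    "http://oval.mitre.org/XMLSchema/oval-definitions-5": "OVAL",
    "http://cpe.mitre.org/dictionary/2.0": "CPE",
}

# Constructed sample: ids are made up and mandatory attributes are trimmed.
SAMPLE = f"""<ds:data-stream-collection xmlns:ds="{DS}" xmlns:xlink="{XLINK}">
  <ds:data-stream id="ds_example">
    <ds:dictionaries><ds:component-ref id="ref_cpe" xlink:href="#comp_cpe"/></ds:dictionaries>
    <ds:checklists><ds:component-ref id="ref_xccdf" xlink:href="#comp_xccdf"/></ds:checklists>
    <ds:checks>
      <ds:component-ref id="ref_oval" xlink:href="#comp_oval"/>
      <ds:component-ref id="ref_missing" xlink:href="#comp_gone"/>
    </ds:checks>
  </ds:data-stream>
  <ds:component id="comp_xccdf"><Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"/></ds:component>
  <ds:component id="comp_oval"><oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"/></ds:component>
  <ds:component id="comp_cpe"><cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"/></ds:component>
</ds:data-stream-collection>"""

def map_datastream(xml_text):
    """Return (links, dangling) for every component-ref in every data stream."""
    root = ET.fromstring(xml_text)
    kinds = {}  # component id -> content type, taken from the payload namespace
    for comp in root.findall(f"{{{DS}}}component"):
        tag = comp[0].tag if len(comp) else ""
        ns = tag[1:].split("}")[0] if tag.startswith("{") else ""
        kinds[comp.get("id")] = KINDS.get(ns, "unknown")
    links, dangling = [], []
    for stream in root.findall(f"{{{DS}}}data-stream"):
        for section in stream:  # dictionaries, checklists, checks
            for ref in section.findall(f"{{{DS}}}component-ref"):
                target = ref.get(f"{{{XLINK}}}href", "").lstrip("#")
                if target in kinds:
                    links.append((stream.get("id"), section.tag.split("}")[1], kinds[target]))
                else:
                    dangling.append(ref.get("id"))  # reference with no component
    return links, dangling

if __name__ == "__main__":
    for row in map_datastream(SAMPLE)[0]:
        print(row)
```

A dangling reference such as `ref_missing` in the sample means the file is not self-contained, which is worth checking before handing content to a scanner.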
The items below are used only in SCAP (NIST.gov):
- Open Checklist Interactive List (OCIL) -- SCAP
- Common Configuration Enumeration (CCE) -- SCAP
- Common Configuration Scoring System (CCSS) -- SCAP
- Software Identification (SWID) -- SCAP
- Common Vulnerability Scoring System (CVSS) -- SCAP
- Trust Model for Security Automation Data (TMSAD) -- SCAP
- Language
| Item name | SCAP | OpenSCAP |
|---|---|---|
| Open Checklist Interactive List | YES | NO |
| Open Vulnerability Assessment Language | YES | YES |
| Extensible Configuration Checklist Description Format | YES | YES |
| DataStream | NO | YES |
- Reporting Formats
| Item name | SCAP | OpenSCAP |
|---|---|---|
| Asset Reporting Format | YES | NO |
| Asset Identification | YES | NO |
- Identification Schemes
| Item name | SCAP | OpenSCAP |
|---|---|---|
| Common Configuration Enumeration | YES | NO |
| Common Platform Enumeration | YES | YES |
| Common Vulnerability Exposures | YES | YES |
| Software Identification | YES | NO |
- Scoring System
| Item name | SCAP | OpenSCAP |
|---|---|---|
| Common Vulnerability Scoring System | YES | NO |
| Common Configuration Scoring System | YES | NO |
- Integrity
| Item name | SCAP | OpenSCAP |
|---|---|---|
| Trust Model for Security Automation Data | YES | NO |