Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
207-1 | 1 (of 1) |
WARN | SCHEMATRON | oval:nist.validation.r2000.5:def:5 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
251-1 | 1 (of 2) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_xccdf_gov.nist.validation_R2000.5_rule_1 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 2) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_xccdf_gov.nist.validation_R2000.5_rule_2 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][2] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
330-3 | 1 (of 1) |
WARN | SCHEMATRON | Warning: The 'cpe:/' prefix (CPE URI binding) is allowed within an @idref attribute, but the CPE Formatted String binding is preferred. See the XCCDF 1.2.1 specification, Section 6.2.5. | /*[local-name()='Benchmark']/*[local-name()='platform'] | false() |