Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
A21 | 1 (of 1) |
INFO | SCHEMATRON | oval:gov.nist.validation.cpe.oval:tst:101 - The OVAL test type is not checked in the NIST SCAP Validation Program. | /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:tests[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:rpminfo_test[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5#linux'][1] | exists(document(concat('','/validation_program_oval_test_types.xml'))/test_types/test_type[@namespace eq namespace-uri(current()) and @name eq local-name(current())]) |
Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
211-1 | 1 (of 5) |
WARN | SCHEMATRON | oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:1 - Issue a warning if an OVAL patch class does not reference a CVE. | /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1] | if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true() |
211-1 | 1 (of 5) |
WARN | SCHEMATRON | oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:2 - Issue a warning if an OVAL patch class does not reference a CVE. | /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][2] | if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true() |
211-1 | 1 (of 5) |
WARN | SCHEMATRON | oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:3 - Issue a warning if an OVAL patch class does not reference a CVE. | /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][3] | if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true() |
211-1 | 1 (of 5) |
WARN | SCHEMATRON | oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:4 - Issue a warning if an OVAL patch class does not reference a CVE. | /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][4] | if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true() |
211-1 | 1 (of 5) |
WARN | SCHEMATRON | oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:5 - Issue a warning if an OVAL patch class does not reference a CVE. | /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][5] | if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true() |
Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
251-1 | 1 (of 3) |
WARN | SCHEMATRON | r1100_scap11_win_rhel_validation_rule_6 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1] | exists(xccdf:ident[matches(@system,'^(CCE|http://cce.mitre.org|CVE|http://cve.mitre.org|CPE|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 3) |
WARN | SCHEMATRON | r1100_scap11_win_rhel_validation_rule_7 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][2] | exists(xccdf:ident[matches(@system,'^(CCE|http://cce.mitre.org|CVE|http://cve.mitre.org|CPE|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 3) |
WARN | SCHEMATRON | security_patches_up_to_date - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1]/*:Group[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][4]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1] | exists(xccdf:ident[matches(@system,'^(CCE|http://cce.mitre.org|CVE|http://cve.mitre.org|CPE|http://cpe.mitre.org)$')]) |