SCAP Content Validation Results

Validation Result: PASS
Submitted Resource: r1100-scap11-win_rhel_macos-cpe-dictionary.xml (SHA-256 : 04A06C7C55E69A7324E14C58A52FD35CC68D8E85407201E17F3C24C86059514A)
Submitted Resource: r1100-scap11-win_rhel_macos-cpe-oval.xml (SHA-256 : 78878DB2D75C9F3702F4076C3E7F72275ED3091004BAB58FD2598009931D0BBD)
Submitted Resource: r1100-scap11-win_rhel_macos-ocil.xml (SHA-256 : 31816F5932310A72CDAA4447484609AB0E571524DA049CEE426C7D9EFD0B9119)
Submitted Resource: r1100-scap11-win_rhel_macos-oval.xml (SHA-256 : 24760D3A8BE9AF375113A0BE5FFB3E4794663D06A62607FF5B5A02134B4CF447)
Submitted Resource: r1100-scap11-win_rhel_macos-patches.xml (SHA-256 : A7C4E218A8C2378C7BC69043504D5F654D239D77671D62F599AD2477013C493B)
Submitted Resource: r1100-scap11-win_rhel_macos-xccdf.xml (SHA-256 : 4FDC3E275D6F8377C3C813219BC4A4598D3CE90ED4823FB8A9294F53F4A80D03)
Validation Time: 2017-05-18T13:52:19
Tool Version: scapval-1.2.1.16

c:\utilities\scapval-1.2.1.16-release\R1100-scap11

Requirement Count Level Type Description Location Test
148-1 1
(of 1)
WARN SCHEMATRON cpe:/o:apple:mac_os:10:11 - CPE items SHOULD exist in the official CPE dictionary. /*:data-stream[namespace-uri()='http://scap.nist.gov/schema/data-stream/0.2'][1]/*:cpe-dictionary-content[namespace-uri()='http://scap.nist.gov/schema/data-stream/0.2'][1]/*:cpe-list[namespace-uri()='http://cpe.mitre.org/dictionary/2.0'][1]/*:cpe-item[namespace-uri()='http://cpe.mitre.org/dictionary/2.0'][3] exists(document(concat('','/official-cpe-dictionary_v2.2.xml'))/cpe-dict:cpe-list/cpe-dict:cpe-item[count(tokenize(@name,':')) ge count(tokenize(current()/@name,':')) and (tokenize(@name,':')[1] eq tokenize(current()/@name,':')[1] or tokenize(current()/@name,':')[1] eq '' or not(exists(tokenize(current()/@name,':')[1]))) and (tokenize(@name,':')[2] eq tokenize(current()/@name,':')[2] or tokenize(current()/@name,':')[2] eq '' or not(exists(tokenize(current()/@name,':')[2]))) and (tokenize(@name,':')[3] eq tokenize(current()/@name,':')[3] or tokenize(current()/@name,':')[3] eq '' or not(exists(tokenize(current()/@name,':')[3]))) and (tokenize(@name,':')[4] eq tokenize(current()/@name,':')[4] or tokenize(current()/@name,':')[4] eq '' or not(exists(tokenize(current()/@name,':')[4]))) and (tokenize(@name,':')[5] eq tokenize(current()/@name,':')[5] or tokenize(current()/@name,':')[5] eq '' or not(exists(tokenize(current()/@name,':')[5]))) and (tokenize(@name,':')[6] eq tokenize(current()/@name,':')[6] or tokenize(current()/@name,':')[6] eq '' or not(exists(tokenize(current()/@name,':')[6]))) and (tokenize(@name,':')[7] eq tokenize(current()/@name,':')[7] or tokenize(current()/@name,':')[7] eq '' or not(exists(tokenize(current()/@name,':')[7]))) and (tokenize(@name,':')[8] eq tokenize(current()/@name,':')[8] or tokenize(current()/@name,':')[8] eq '' or not(exists(tokenize(current()/@name,':')[8])))])

r1100-scap11-win_rhel_macos-cpe-oval.xml

Requirement Count Level Type Description Location Test
A21 1
(of 2)
INFO SCHEMATRON oval:gov.nist.validation.cpe.oval:tst:101 - The OVAL test type is not checked in the NIST SCAP Validation Program. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:tests[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:rpminfo_test[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5#linux'][1] exists(document(concat('','/validation_program_oval_test_types.xml'))/test_types/test_type[@namespace eq namespace-uri(current()) and @name eq local-name(current())])
A21 1
(of 2)
INFO SCHEMATRON oval:gov.nist.validation.cpe.oval:tst:1202 - The OVAL test type is not checked in the NIST SCAP Validation Program. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:tests[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:plist_test[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5#macos'][1] exists(document(concat('','/validation_program_oval_test_types.xml'))/test_types/test_type[@namespace eq namespace-uri(current()) and @name eq local-name(current())])

r1100-scap11-win_rhel_macos-patches.xml

Requirement Count Level Type Description Location Test
211-1 1
(of 5)
WARN SCHEMATRON oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:1 - Issue a warning if an OVAL patch class does not reference a CVE. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1] if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true()
211-1 1
(of 5)
WARN SCHEMATRON oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:2 - Issue a warning if an OVAL patch class does not reference a CVE. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][2] if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true()
211-1 1
(of 5)
WARN SCHEMATRON oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:3 - Issue a warning if an OVAL patch class does not reference a CVE. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][3] if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true()
211-1 1
(of 5)
WARN SCHEMATRON oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:4 - Issue a warning if an OVAL patch class does not reference a CVE. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][4] if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true()
211-1 1
(of 5)
WARN SCHEMATRON oval:gov.nist.validation.r1100_scap11_win_rhel.patch:def:5 - Issue a warning if an OVAL patch class does not reference a CVE. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][5] if( @class eq 'patch' ) then exists(current()//oval-def:reference[matches(@source,'^(CVE|http://cve.mitre.org)$')]) else true()

r1100-scap11-win_rhel_macos-xccdf.xml

Requirement Count Level Type Description Location Test
15-2 1
(of 1)
WARN SCHEMATRON xccdf_gov.nist.r1100_scap11_win_rhel_macos_benchmark - The <xccdf:platform> element of the <xccdf:Benchmark> element that contains a CPE SHALL contain a reference to a CPE name in the Official CPE Dictionary if such a name exists for the indicated platform. Issue a warning if the CPE name specified in <xccdf:platform> does not match a CPE name in the Official CPE Dictionary. /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1] every $m in xccdf:platform[matches(@idref,'[c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\._\-~%]*)0 6')] satisfies exists(document(concat('','/official-cpe-dictionary_v2.2.xml'))/cpe-dict:cpe-list/cpe-dict:cpe-item[count(tokenize(@name,':')) ge count(tokenize($m/@idref,':')) and (tokenize(@name,':')[1] eq tokenize($m/@idref,':')[1] or tokenize($m/@idref,':')[1] eq '' or not(exists(tokenize($m/@idref,':')[1]))) and (tokenize(@name,':')[2] eq tokenize($m/@idref,':')[2] or tokenize($m/@idref,':')[2] eq '' or not(exists(tokenize($m/@idref,':')[2]))) and (tokenize(@name,':')[3] eq tokenize($m/@idref,':')[3] or tokenize($m/@idref,':')[3] eq '' or not(exists(tokenize($m/@idref,':')[3]))) and (tokenize(@name,':')[4] eq tokenize($m/@idref,':')[4] or tokenize($m/@idref,':')[4] eq '' or not(exists(tokenize($m/@idref,':')[4]))) and (tokenize(@name,':')[5] eq tokenize($m/@idref,':')[5] or tokenize($m/@idref,':')[5] eq '' or not(exists(tokenize($m/@idref,':')[5]))) and (tokenize(@name,':')[6] eq tokenize($m/@idref,':')[6] or tokenize($m/@idref,':')[6] eq '' or not(exists(tokenize($m/@idref,':')[6]))) and (tokenize(@name,':')[7] eq tokenize($m/@idref,':')[7] or tokenize($m/@idref,':')[7] eq '' or not(exists(tokenize($m/@idref,':')[7]))) and (tokenize(@name,':')[8] eq tokenize($m/@idref,':')[8] or tokenize($m/@idref,':')[8] eq '' or not(exists(tokenize($m/@idref,':')[8])))])
251-1 1
(of 3)
WARN SCHEMATRON r1100_scap11_win_rhel_macos_validation_rule_6 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1] exists(xccdf:ident[matches(@system,'^(CCE|http://cce.mitre.org|CVE|http://cve.mitre.org|CPE|http://cpe.mitre.org)$')])
251-1 1
(of 3)
WARN SCHEMATRON r1100_scap11_win_rhel_macos_validation_rule_7 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][2] exists(xccdf:ident[matches(@system,'^(CCE|http://cce.mitre.org|CVE|http://cve.mitre.org|CPE|http://cpe.mitre.org)$')])
251-1 1
(of 3)
WARN SCHEMATRON security_patches_up_to_date - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1]/*:Group[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][4]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1] exists(xccdf:ident[matches(@system,'^(CCE|http://cce.mitre.org|CVE|http://cve.mitre.org|CPE|http://cpe.mitre.org)$')])

Statistics

Statistic Type Statistic ID Test Name Value
COUNT RULE_OVAL_COUNT
COUNT RULE_OCIL_COUNT
COUNT RULE_OCIL_ONLY_COUNT
COUNT RULE_CCE_COUNT
COUNT RULE_TEST_COUNT family_test 4
COUNT RULE_TEST_COUNT rpminfo_test 1
COUNT RULE_TEST_COUNT plist_test 1
COUNT RULE_TEST_COUNT variable_test 6