SCAP Content Validation Results

Validation Result: PASS
Submitted Resource: r1100-scap10-macos-cpe-dictionary.xml (SHA-256 : 2DFCDB6F3F014503B069E14C4E1A436E6BC5AF4F454B727411AE8EA17427CCD2)
Submitted Resource: r1100-scap10-macos-cpe-oval.xml (SHA-256 : A076E91880E1020AB98762AF27B7952F2B7A0FE0022BE83BB512D6FCDEE1CDBE)
Submitted Resource: r1100-scap10-macos-oval.xml (SHA-256 : 2D89BFF542E4D4291709ED71E6ECBBC601F0CF75C215BB5A9652606F37EE49B0)
Submitted Resource: r1100-scap10-macos-patches.xml (SHA-256 : 73943EF4DACFDDDA285FE69FF8E4DEB9C4879C02392B05425ABE0AED06D88FB0)
Submitted Resource: r1100-scap10-macos-xccdf.xml (SHA-256 : CBC02A6318E9267B88F5B75AE3BCA97EB7E1E583CCC0435E785CDA103140FB8B)
Validation Time: 2017-05-18T13:53:00
Tool Version: scapval-1.2.1.16

c:\utilities\scapval-1.2.1.16-release\R1100-scap10-macos

Requirement Count Level Type Description Location Test
15-2 1
(of 1)
WARN SCHEMATRON For all a) XCCDF documents, verify the existence of a valid CPE, and if not found, the content shall be considered to be in error; b) XCCDF documents, if any CPEs other than the one located above are specified, and if not, the content shall be considered to be in error; and c)XCCDF documents if the CPE name referenced is deprecated, flag as an warning indicating that the more current CPE name should be used. /*:data-stream[namespace-uri()='http://scap.nist.gov/schema/data-stream/0.1'][1]/*:cpe-dictionary-content[namespace-uri()='http://scap.nist.gov/schema/data-stream/0.1'][1]/*:cpe-list[namespace-uri()='http://cpe.mitre.org/dictionary/2.0'][1]/*:cpe-item[namespace-uri()='http://cpe.mitre.org/dictionary/2.0'][3] exists(document(concat('','/official-cpe-dictionary_v2.2.xml'))/cpe-dict:cpe-list/cpe-dict:cpe-item[count(tokenize(@name,':')) ge count(tokenize(current()/@name,':')) and (tokenize(@name,':')[1] eq tokenize(current()/@name,':')[1] or tokenize(current()/@name,':')[1] eq '' or not(exists(tokenize(current()/@name,':')[1]))) and (tokenize(@name,':')[2] eq tokenize(current()/@name,':')[2] or tokenize(current()/@name,':')[2] eq '' or not(exists(tokenize(current()/@name,':')[2]))) and (tokenize(@name,':')[3] eq tokenize(current()/@name,':')[3] or tokenize(current()/@name,':')[3] eq '' or not(exists(tokenize(current()/@name,':')[3]))) and (tokenize(@name,':')[4] eq tokenize(current()/@name,':')[4] or tokenize(current()/@name,':')[4] eq '' or not(exists(tokenize(current()/@name,':')[4]))) and (tokenize(@name,':')[5] eq tokenize(current()/@name,':')[5] or tokenize(current()/@name,':')[5] eq '' or not(exists(tokenize(current()/@name,':')[5]))) and (tokenize(@name,':')[6] eq tokenize(current()/@name,':')[6] or tokenize(current()/@name,':')[6] eq '' or not(exists(tokenize(current()/@name,':')[6]))) and (tokenize(@name,':')[7] eq tokenize(current()/@name,':')[7] or tokenize(current()/@name,':')[7] eq '' or not(exists(tokenize(current()/@name,':')[7]))) and (tokenize(@name,':')[8] eq tokenize(current()/@name,':')[8] or tokenize(current()/@name,':')[8] eq '' or not(exists(tokenize(current()/@name,':')[8])))])

r1100-scap10-macos-cpe-oval.xml

Requirement Count Level Type Description Location Test
A21 1
(of 2)
INFO SCHEMATRON oval:gov.nist.validation.cpe.oval:tst:101 - The OVAL test type is not checked in the NIST SCAP Validation Program. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:tests[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:rpminfo_test[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5#linux'][1] exists(document(concat('','/validation_program_oval_test_types.xml'))/test_types/test_type[@namespace eq namespace-uri(current()) and @name eq local-name(current())])
A21 1
(of 2)
INFO SCHEMATRON oval:gov.nist.validation.cpe.oval:tst:1302 - The OVAL test type is not checked in the NIST SCAP Validation Program. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:tests[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:xmlfilecontent_test[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent'][1] exists(document(concat('','/validation_program_oval_test_types.xml'))/test_types/test_type[@namespace eq namespace-uri(current()) and @name eq local-name(current())])

r1100-scap10-macos-patches.xml

Requirement Count Level Type Description Location Test
66 5
(of 5)
WARN SCHEMATRON All SCAP OVAL patch class definitions that are NOT associated with source specific identifiers that are not contained in the <reference> element of the definition shall generate a warning. /*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]

/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][2]

/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][3]

/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][4]

/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][5]
if( @class eq 'patch' ) then exists(current()//oval-def:reference) else true()

r1100-scap10-macos-xccdf.xml

Requirement Count Level Type Description Location Test
8-2 1
(of 1)
WARN SCHEMATRON For all a)XCCDF documents that do not contain the <xccdf:metadata> element, flag as a warning; and b) XCCDF documents that do contain the <xccdf:metadata> element and whose contents are not consistent with the Dublin Core terms flag as a warning. /*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.1'][1] every $m in xccdf:metadata/* satisfies $m/namespace-uri() eq 'http://purl.org/dc/elements/1.1/' and ($m/local-name() eq 'creator' or $m/local-name() eq 'publisher' or $m/local-name() eq 'contributor')

Statistics

Statistic Type Statistic ID Test Name Value
COUNT RULE_OVAL_COUNT
COUNT RULE_OCIL_COUNT
COUNT RULE_OCIL_ONLY_COUNT
COUNT RULE_CCE_COUNT
COUNT RULE_TEST_COUNT variable_test 6
COUNT RULE_TEST_COUNT family_test 4
COUNT RULE_TEST_COUNT rpminfo_test 1
COUNT RULE_TEST_COUNT xmlfilecontent_test 1