OVAL® International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.

Tools and services that use OVAL for the three steps of system assessment — representing system information, expressing specific machine states, and reporting the results of an assessment — provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services.

OVAL in the Enterprise

Focus On

How to Participate in the OVAL Adoption Program

An organization can participate in the OVAL Adoption Program if its security products/services use OVAL in one or more of the following ways:

If your organization uses or is planning to use OVAL, review the OVAL Adoption Program Process for instructions on how to participate and/or contact oval@mitre.org to learn more.

Page Last Updated: April 10, 2014