Name of Your Organization:
GCP Global
Web Site:
Adopting Capability:
ORCA
Capability home page:
Adoption Capabilities
If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section(s) is not included as part of the questionnaire below.
OVAL Systems Characteristics Producer — Yes
OVAL Definition Evaluator — Yes
OVAL Results Consumer — Yes
Product Accessibility <AR_1.9>
Provide a short description of how and where your capability is made available to your customers and the public.
Our capability is included when you buy ORCA if you buy licenses for our testing module.
Language Version Indication <AR_1.10>
Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.
When the testing module is executed, the system output gives this information to the user.
Error Reporting <AR_2.1>
Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.
Through our technical support hotline.
Responding to Error Reports <AR_2.2>
Describe the approach to responding to the above error reports and how applicable fixes will be applied.
When we receive the call, the user receives a problem id and the error gets documented on our ticket support system. Then, it's directed to our development area for review.
Adoption Documentation <AR_3.1>
Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.
Our application gives out this information in the "About" box.
Language Support <AR_3.2>
List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)
We are based on jovaldi (http://joval.org/features/) because we have licensed their technology, so we copy here what jOVAL stated before in their questionnaire:
Our list of supported tests is always growing. A complete list of features can be found on our website.
The following are supported:
- aix-definitions-schema.xsd
- Fileset Test
- Fix Test
- Interim Fix Test
- No Test
- OS Level Test
- independent-definitions-schema.xsd
- Environmentvariable Test
- Family Test
- Textfilecontent Test
- Textfilecontent54 Test
- Unknown Test
- Variable Test
- Xmlfilecontent Test
- ios-definitions-schema.xsd
- Line Test
- Version55 Test
- linux-definitions-schema.xsd
- Dpkginfo Test
- Iflisteners Test
- Inet Listening Servers Test
- Partition Test
- Rpm Info Test
- RPM Verify Test (Legacy)
- RPM Verify File Test
- RPM Verify Package Test
- SE Linux Boolean Test
- SE Linux Security Context Test
- solaris-definitions-schema.xsd
- ISA Info Test
- NDD Test
- Package Test
- Package Check Test
- Patch Test (Legacy and 5.4)
- SMF Test
- windows-definitions-schema.xsd
- File Test
- Group Test
- GroupSid Test
- Registry Test
- User Test
- UserSid55 Test
- UserSid Test
- WMI57 Test
- WMI Test
- unix-definitions-schema.xsd
- File Test
- File Extended Attribute Test
- Gconf Test
- Inetd Test
- Interface Test
- Password Test
- Process Test (Legacy and 5.8)
- Routing Table Test
- Runlevel Test
- SCCS Test
- Shadow Test
- Sysctl Test
- Uname Test
- Xinetd Test
Core constructs defined in the OVAL Language that are not supported. (AR_3.2)
- EntityAttributeGroup:mask
Assessment Method <AR_3.3>
List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)
Query to a database of an endpoint's current configuration settings. (Through our BI module.)
Assessment of state by a host-based sensor.
OVAL Content Error Reporting <AR_3.4>
Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.
In the contract we sign with our customers, they are informed about the process for reporting errors to our technical support hotline.
Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>
Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.
Syntax checking capabilities are included in jovaldi, which we licensed for its use in ORCA.
Content Transparency <AR_8.1> <AR_8.2>
Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.
The user imports the Definition file and then map fields in the XML file to ORCA’s data. jOVAL can output a results.xml file conformant to the OVAL results schema definition. jovaldi outputs this file by default.
Content Import Process Explanation <AR_8.3>
If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.
The capability consumes OVAL content at runtime.
Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>
Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.
jOVAL can produce an OVAL results file (compliant with the OVAL results schema), which includes this detailed information. jovaldi produces this full OVAL results file by default. (Both also support filtering the results when a directives file is specified).
Full OVAL Results <AR_8.8>
Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.
jOVAL can produce an OVAL results file (compliant with the OVAL results schema), which includes this detailed information. jovaldi produces this full OVAL results file by default. (Both also support filtering the results when a directives file is specified).
Examine Imported Content <AR_9.1> <AR_9.2>
Indicate how users can review OVAL Results that are imported into the product and explain how users can determine which system a particular set of results applies to.
ORCA places results inside objects named facts that belong to each tested asset.
Content Import Process Explanation <AR_9.3>
If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.
The capability consumes OVAL content at runtime.
Collecting System Data <AR_5.2> <AR_5.3>
Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.
jOVAL collects system characteristics data for every object defined in the input Definition file.
Content Export <AR_5.2> <AR_5.3>
Indicate how the product allows users to export OVAL System Characteristics documents.
jOVAL features a method to support writing a System-Characteristics file. The jovaldi command-line program produces a system-characteristics file by default.
Adoption Signature
Statement of Adoption <AR_1.2>
"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."
NAME: Paolo Bucciol
TITLE: IT Director
Statement of Accuracy <AR_1.2>
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."
NAME: Paolo Bucciol
TITLE: IT Director
Statement on Follow-On Correctness Testing Support <AR_1.7>
"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
NAME: Paolo Bucciol
TITLE: IT Director
Page Last Updated: February 28, 2014
