Name of Your Organization:

SecPod Technologies

Web Site:

http://www.secpod.com/

Adopting Capability:

SecPod Saner

Capability home page:

http://www.secpod.com/saner-business.html

Adoption Capabilities

OVAL Definition Evaluator — Yes
OVAL Systems Characteristics Producer — Yes

General Capability Questions

Product Accessibility <AR_1.9>

Provide a short description of how and where your capability is made available to your customers and the public.

Saner Business is available via commercial license through our website. SecPod Personal is freely downloadable from our website.

Language Version Indication <AR_1.10>

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.

The product supports OVAL version 5.10, which is mentioned in our SCAP Repository and product documentation.

Capability Correctness Questions

The following questions apply to all capabilities.

Error Reporting <AR_2.1>

Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.

We have created support channels for our customers to report errors.

Responding to Error Reports <AR_2.2>

Describe the approach to responding to the above error reports and how applicable fixes will be applied.

We have processes in place to verify each error report by reproducing the error as described in the report, and the fixes will be pushed through an automated product update procedure quarterly. Critical errors will be addressed in the monthly release cycles.

Documentation Questions

The following questions apply to all capabilities.

Adoption Documentation <AR_3.1>

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.

SecPod Saner consumes the SCAP Feed, which is detailed on our website: http://www.secpod.com/scap-feed.html

Also, the feed can be searched using SecPod SCAP Repo: http://www.scaprepo.com

Language Support <AR_3.2>

List each supported component schema and specific OVAL Tests in those component schemas that are supported.

The following are supported:

  • independent-definitions-schema.xsd
    • family_test
    • environmentvariable58_test
    • textfilecontent54_test
    • variable_test
  • windows-definitions-schema.xsd
    • accesstoken_test
    • auditeventpolicy_test
    • auditeventpolicysubcategories_test
    • file_test
    • fileauditedpermissions53_test
    • fileeffectiverights53_test
    • group_test
    • group_sid_test
    • interface_test
    • lockoutpolicy_test
    • passwordpolicy_test
    • port_test
    • process58_test
    • registry_test
    • regkeyauditedpermissions53_test
    • regkeyeffectiverights53_test
    • service_test
    • serviceeffectiverights_test
    • sid_test
    • sid_sid_test
    • uac_test
    • user_test
    • user_sid55_test
    • wmi57_test
    • wuaupdatesearcher_test

List any core constructs defined in the OVAL Language that are not supported.

None

OVAL Assessment Method <AR_3.3>

List each supported assessment method if applicable.

  • Query to a database of an endpoint's current configuration settings.
  • Assessment of state by a remote-scanning sensor.

OVAL Content Error Reporting <AR_3.4>

Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.

Errors are reported through the support channels: http://www.secpod.com/support.html

Content Validity Questions

The following questions apply to all capabilities.

Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>

Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.

SecPod Saner logs all the syntax and other such errors.

Definition Evaluator Capability Questions

The following questions apply to only Definition Evaluator capabilities.

Content Transparency <AR_8.1> <AR_8.2>

Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.

SecPod Saner logs all the definitions and their objects being evaluated. The details of those definitions can be checked using our SCAP content repository, SCAP Repo.

Content Import Process Explanation <AR_8.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

SecPod Saner consumes OVAL content at runtime.

Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>

Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.

SecPod Saner generates OVAL results compatible with the OVAL results schema. Customers can also log in to SecPod's cloud-based visibility platform, SecPod Viser, which allows them to see the details of every endpoint centrally.

Full OVAL Results <AR_8.8>

Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.

SecPod Saner generates OVAL results compatible with the OVAL results schema, which are stored on every endpoint.

Systems Characteristics Producer Capability Questions

The following questions apply to only System Characteristics Producer capabilities.

Collecting System Data <AR_5.2> <AR_5.3>

Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.

SecPod Saner collects system characteristics data for every object defined in the input definition file.

Content Export <AR_5.2> <AR_5.3>

Indicate how the product allows users to export OVAL System Characteristics documents.

SecPod Saner produces a system characteristics file after every scan, which is stored on every endpoint.

Adoption Signature

Questions for Signature

Statement of Adoption <AR_1.2>

"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."

NAME: Chandrashekhar Basavanna
TITLE: CEO

Statement of Accuracy <AR_1.2>

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."

NAME: Chandrashekhar Basavanna
TITLE: CEO

Statement on Follow-On Correctness Testing Support <AR_1.7>

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

NAME: Chandrashekhar Basavanna
TITLE: CEO

Page Last Updated: February 27, 2014