Name of Your Organization:

ThreatGuard, Inc.

Web Site:

http://www.threatguard.com

Adopting Capability:

Secutor Compliance Automation Toolkit (S-CAT)

Capability home page:

http://threatguard.com/products/secutor-cat

General Capability Questions

Adoption Capabilities

If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section(s) is not included as part of the questionnaire below.

OVAL Definition Evaluator — Yes
OVAL Systems Characteristics Producer — Yes

Product Accessibility <AR_1.9>

Provide a short description of how and where your capability is made available to your customers and the public.

S-CAT is available for evaluation download by contacting ThreatGuard at sales@threatguard.com and by calling us at 210.490.4018.

Language Version Indication <AR_1.10>

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.

S-CAT provides its OVAL Language version in output of the -V (version) command line option.

Capability Correctness Questions

Error Reporting <AR_2.1>

Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.

All correctness and functional issues should be reported to support@threatguard.com.

Responding to Error Reports <AR_2.2>

Describe the approach to responding to the above error reports and how applicable fixes will be applied.

ThreatGuard responds promptly to error reports without any preconceptions of the content being the source of the error. We try to ascertain and recreate the environment in which the error was found. If we find that the error is a content issue, we convey the problem to the custodian if we have a viable relationship with that custodian to do so. Errors in OVAL logic are corrected immediately and fielded in the next release of the product. Upgrades are available via free download either automatically or at the user’s convenience.

Documentation Questions

Adoption Documentation <AR_3.1>

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.

OVAL adoption is described in S-CAT’s PDF documentation (SCAP SoI.pdf) along with documentation for XCCDF, CPE, CCE, CVE, CVSS, and SCAP in general.

Language Support <AR_3.2>

List each supported component schema and specific OVAL Tests in those component schemas that are supported.

S-CAT supports all OVAL test types and capabilities for Windows, Unix, and Linux as defined in the SCAP v1.2 requirements. The product includes additional support for a variety of other platforms including HP-UX, Solaris, BlackBerry Enterprise Server, VMware ESX, Cisco IOS, IBM AIX, and Apple OSX.

OVAL Assessment Method <AR_3.3>

List each supported component schema and specific OVAL Tests in those component schemas that are supported.

Query to a database of an endpoint's current configuration settings.
Assessment of state by a host-based sensor.
Assessment of state by a remote-scanning sensor.

OVAL Content Error Reporting <AR_3.4>

Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product

We don't place the burden on our customers to differentiate between content and interpreter problems. Also, we don't automatically assume that a false reading is a content problem. Typically, we find that the customer simply recognizes a general problem and we work with that customer to determine the nature of that problem. If we mutually agree that the problem is indeed a content problem, we follow our content error reporting process.

Content Validity Questions

Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>

Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.

One of S-CAT command-line options (-V) is used to validate the content prior to processing.

Type-Specific Capability Questions

Definition Evaluator Capability Questions

Content Transparency <AR_8.1> <AR_8.2>

Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.

S-CAT maintain a trail of OVAL Notes that clearly show the OVAL Definition, each test, and how the outcome of each test falls into the overall logic of the definition's criteria.

Content Import Process Explanation <AR_8.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

We are strong advocates of processing the raw SCAP XML at runtime (including both XCCDF and OVAL). This native processing grants us ultimate flexibility as OVAL evolves and as new use cases are introduced.

Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>

Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.

While S-CAT is not intended to be operated interactively, it can perform an OVAL assessment and automatically save the results file. This file includes a transform to render an HTML report for viewing results. In addition to the assessment status of each definition, S-CAT maintains a trail of OVAL Notes that clearly show the OVAL Definition, each test, and how the outcome of each test falls into the overall logic of the definition's criteria. This process provides and in-depth explanation of how we reach each result, including values discovered on the target system.

Full OVAL Results <AR_8.8>

Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.

One of S-CAT command line options allows designation of the output format to use, include the OVAL FULL Results format.

Systems Characteristics Producer Capability Questions

Collecting System Data <AR_5.2> <AR_5.3>

Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.

Since our products process the raw OVAL XML at runtime, all criteria required to capture the data necessary for System Characteristics output is inherently a part of every assessment.

Content Export <AR_5.2> <AR_5.3>

Indicate how the product allows users to export OVAL System Characteristics documents.

System Characteristics output is included in the FULL OVAL Results output.

Adoption Signature

Questions for Signature

Statement of Adoption <AR_1.2>

"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."

NAME: Randal S. Taylor
TITLE: Chief Technology Officer

Statement of Accuracy <AR_1.2>

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."

NAME: Randal S. Taylor
TITLE: Chief Technology Officer

Statement on Follow-On Correctness Testing Support <AR_1.7>

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

NAME: Randal S. Taylor
TITLE: Chief Technology Officer

Page Last Updated: February 28, 2014