OVAL in Use

OVAL in Use

As the standard for determining vulnerability and configuration issues on computer systems, the OVAL Language and OVAL content are used in numerous information security products and services from around the world. OVAL also helps in Making Security Measurable.

OVAL Adoption Program

Use of OVAL in information security products and services enhances these areas of enterprise security:

Sponsor: NCSD

Government

Security Content Automation Protocol (SCAP)

OVAL is one of six existing standards the U.S. National Institute of Standards and Technology’s (NIST) SCAP to enable automated vulnerability management, measurement, and policy compliance evaluation.

Extensible Configuration Checklist Description Format (XCCDF)

XCCDF’s default configuration checking technology is OVAL.

DoD Contracts

U.S. Defense Information Systems Agency (DISA) issued Task Order 232 in June 2004 for information assurance applications for the Department of Defense (DoD) that requires the use of products that use OVAL.

Databases Including OVAL-IDs

OVAL Content Repositories

The following host OVAL content, which can include OVAL Definitions, OVAL System Characteristics files, and/or OVAL Results files:

Sponsor, OVAL Repository: NCSD

Community

Platforms Incorporating the OVAL Interpreter

Databases and Advisories Including OVAL-IDs

Common Announcement Interchange Format (CAIF)

RUS-CERT’s CAIF documents are able to incorporate OVAL Definitions.

Service Oriented Architecture (SOA)

PatchLink Corporation’s SOA is built around OVAL in order to encourage cooperative development and interoperability between vendor products.

Back to top

Page Last Updated: January 04, 2012