Name of Your Organization:
jOVAL.org
Web Site:
Adopting Capability:
jOVAL and jovaldi
Capability home page:
Adoption Capabilities
If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section(s) is not included as part of the questionnaire below.
OVAL Definition Evaluator — Yes
OVAL Systems Characteristics Producer — Yes
Product Accessibility <AR_1.9>
Provide a short description of how and where your capability is made available to your customers and the public.
The product is available for download from our website.
Language Version Indication <AR_1.10>
Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.
The supported OVAL Schema version is noted on the website, and is also displayed prominently by the jOVAL command-line utility, jovaldi.
Error Reporting <AR_2.1>
Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.
Users can contact us by phone or email using information published on our website.
Responding to Error Reports <AR_2.2>
Describe the approach to responding to the above error reports and how applicable fixes will be applied.
Our procedure for handling a reported error is to (1) verify that the error is a functional error and not a usage error or other correct behavior, (2) reproduce the error in-house, (3) evaluate the impact and scope of the error so that a fix can be prioritized with other items on the product roadmap and (4) implement the fix according to the product roadmap schedule. Users will be able to install fixes by retrieving the latest version of the product.
Adoption Documentation <AR_3.1>
Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.
jOVAL is intended to be used by application developers wishing to embed an OVAL processing engine into their product, and by end-users seeking a multi-platform mechanism for performing network-based OVAL scans. This audience of potential users is assumed to have some prior knowledge of OVAL. General information about the product and the OVAL standard is available on our website.
Language Support <AR_3.2>
List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)
Our list of supported tests is always growing. A complete list of features can be found on our website.
The following are supported:
- independent-definitions-schema.xsd
- Environmentvariable Test
- Family Test
- Textfilecontent Test
- Textfilecontent54 Test
- Unknown Test
- Variable Test
- Xmlfilecontent Test
- ios-definitions-schema.xsd
- Line Test
- Version55 Test
- linux-definitions-schema.xsd
- RpmInfo Test
- solaris-definitions-schema.xsd
- ISA Info Test
- Package Test
- Patch54 Test
- Patch Test
- SMF Test
- windows-definitions-schema.xsd
- File Test
- Group Test
- GroupSid Test
- Registry Test
- User Test
- UserSid55 Test
- UserSid Test
- WMI57 Test
- WMI Test
Core constructs defined in the OVAL Language that are not supported. (AR_3.2)
- EntityAttributeGroup:mask
OVAL Content Error Reporting <AR_3.3>
Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.
Users who have signed up on our website are provided with a "let us know" link where they are asked to report any problems they encounter. This would include errors in the OVAL documents produced by the product.
Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>
Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.
jOVAL (the SDK) contains methods for performing Schematron validation of files containing different types of OVAL content (e.g., definitions and system-characteristics). XML schema validation can be performed using standard Java JAXB validation in conjunction with the appropriate .xsd file. Schema definition files are included with the jOVAL distribution.
jovaldi (the command-line program for jOVAL) has options for content validation, including the ability to perform schematron validation. When syntax or structural errors are detected, the program terminates with a message indicating the first error encountered. Depending on the problem, additional errors might be logged in a file.
Type-Specific Capability Questions
Content Transparency <AR_8.1> <AR_8.2>
Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.
jOVAL can output a results.xml file conformant to the OVAL results schema definition. jovaldi outputs this file by default.
Content Import Process Explanation <AR_8.3>
If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.
The product supports consuming OVAL content at runtime.
Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>
Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.
jOVAL can produce an OVAL results file (compliant with the OVAL results schema), which includes this detailed information. jovaldi produces this full OVAL results file by default. (Both also support filtering the results when a directives file is specified).
Full OVAL Results <AR_8.8>
Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.
jOVAL can produce an OVAL results file (compliant with the OVAL results schema), which includes this detailed information. jovaldi produces this full OVAL results file by default. (Both also support filtering the results when a directives file is specified).
Collecting System Data <AR_5.2> <AR_5.3>
Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.
jOVAL collects system characteristics data for every object defined in the input definition file.
Content Export <AR_5.2> <AR_5.3>
Indicate how the product allows users to export OVAL System Characteristics documents.
jOVAL features a method to support writing a System-Characteristics file. The jovaldi command-line program produces a system-characteristics file by default.
Adoption Signature
Statement of Adoption <AR_1.2>
"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."
NAME: David A. Solin
TITLE: Project Lead
Statement of Accuracy <AR_1.2>
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."
NAME: David A. Solin
TITLE: Project Lead
Statement on Follow-On Correctness Testing Support <AR_1.7>
"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
NAME: David A. Solin
TITLE: Project Lead
Page Last Updated: November 29, 2011
