Name of Your Organization:
Tripwire, Inc.
Web Site:
Adopting Capability:
Tripwire Enterprise
Capability home page:
http://www.tripwire.com/it-security-software/scm/tripwire-enterprise/
Adoption Capabilities
If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section(s) is not included as part of the questionnaire below.
OVAL Systems Characteristics Producer — Yes
OVAL Definition Evaluator — Yes
OVAL Results Consumer — Yes
Product Accessibility <AR_1.9>
Provide a short description of how and where your capability is made available to your customers and the public.
The OVAL support is provided in the SCP component of Tripwire Enterprise and the Tripwire Via Agent and is accessed through the SCP REST API.
Language Version Indication <AR_1.10>
Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.
Supported Standards
After installing and configuring the software as outlined in this document, Tripwire Enterprise meets the requirements of the following standards:
- SCAP 1.0, 1.1, and 1.2 - see SCAP 1.2 validation for Authenticated Configuration Scanner (ACS) with the CVE option as described at http://scap.nist.gov/validation
- XCCDF versions 1.2 and 1.1.4, as described at http://scap.nist.gov/specifications/xccdf
- OVAL Language versions 5.3 through 5.10, as described at http://oval.mitre.org
Error Reporting <AR_2.1>
Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.
Contact Tripwire customer support at 1.866.897.8776 or visit https://secure.tripwire.com/customers/contact-support.cfm
Responding to Error Reports <AR_2.2>
Describe the approach to responding to the above error reports and how applicable fixes will be applied.
Tripwire customer support will track the issue. Issues approved by Tripwire Product Management may be addressed in product patches, releases, or via support-provided fixes.
Adoption Documentation <AR_3.1>
Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.
Tripwire Enterprise ships with the SCAP Guide (te_scap_guide.pdf) which provides instructions on using OVAL content with Tripwire Enterprise.
Language Support <AR_3.2>
List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)
independent-definitions-schema.xsd
- all tests supported
linux-definitions-schema.xsd
- all tests supported
unix-definitions-schema.xsd
- all tests supported
windows-definitions-schema.xsd
- all tests supported
List any core constructs defined in the OVAL Language that are not supported. (AR_3.2)
- All core constructs are supported.
OVAL Assessment Method<AR_3.3>
List each supported assessment method if applicable. (AR_3.3)
- Assessment of state by a host-based sensor.
OVAL Content Error Reporting <AR_3.4>
Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.
Contact Tripwire customer support at 1.866.897.8776 or visit https://secure.tripwire.com/customers/contact-support.cfm
Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>
Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.
Tripwire Enterprise validates all content against OVAL schema and schematron during import. Any errors found are reported to the user and import fails.
Content Transparency <AR_8.1> <AR_8.2>
Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.
The user may export the OVAL Results separately or as part of an ARF document. The results indicate which OVAL Definitions have been run. The user may also export the original OVAL Definitions. Both are performed via the SCP component's REST API.
Additional details are provided for the customer in Tripwire Enterprise SCAP Guide.
Content Import Process Explanation <AR_8.3>
If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.
Content imported into Tripwire Enterprise by the user is immediately available for scanning endpoints by the user.
Additional details are provided for the customer in Tripwire Enterprise SCAP Guide.
Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>
Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.
The System Characteristics and full OVAL results are available via the SCP component's REST interface.
Additional details are provided for the customer in Tripwire Enterprise SCAP Guide.
Full OVAL Results <AR_8.8>
Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.
The System Characteristics and full OVAL results are available via the SCP component's REST interface.
Additional details are provided for the customer in Tripwire Enterprise SCAP Guide.
Examine Imported Content <AR_9.1> <AR_9.2>
Indicate how users can review OVAL Results that are imported into the product and explain how users can determine which system a particular set of results applies to.
The System Characteristics and SCAP ARF documents are available via the REST interface. The System Characteristics contain data to identify the endpoint (hostname and IP addresses). The SCAP ARF Document identifies the endpoint using the NIST Asset Inventory format.
Additional details are provided for the customer in Tripwire Enterprise SCAP Guide.
Content Import Process Explanation <AR_9.3>
If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.
Tripwire Enterprise is an at-runtime results consumer.
Collecting System Data <AR_5.2> <AR_5.3>
Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.
The Tripwire Enterprise VIA Agent collects only the objects required to satisfy the OVAL definitions specified for a particular scan (e.g., those selected by an SCAP Profile).
Content Export <AR_5.2> <AR_5.3>
Indicate how the product allows users to export OVAL System Characteristics documents.
The System Characteristics and full OVAL results are available via the SCP component's REST interface.
Additional details are provided for the customer in Tripwire Enterprise SCAP Guide.
Adoption Signature
Statement of Adoption <AR_1.2>
"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."
NAME: Michael Thelander
TITLE: Director, Product Management
Statement of Accuracy <AR_1.2>
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."
NAME: Michael Thelander
TITLE: Director, Product Management
Statement on Follow-On Correctness Testing Support <AR_1.7>
"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
NAME: Michael Thelander
TITLE: Director, Product Management
Page Last Updated: June 19, 2014
