OVAL Adoption > Questionnaires

Name of Your Organization:

ThreatGuard, Inc.

Web Site:

http://www.threatguard.com

Adopting Capability:

Secutor Magnus

Capability home page:

http://threatguard.com/products/secutor-magnus

General Capability Questions

Adoption Capabilities

If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section(s) is not included as part of the questionnaire below.

OVAL Definition Evaluator — Yes
OVAL Systems Characteristics Producer — Yes
OVAL Results Consumer — Yes

Product Accessibility <AR_1.9>

Provide a short description of how and where your capability is made available to your customers and the public.

Secutor Magnus is available for evaluation download by contacting ThreatGuard at sales@threatguard.com and by calling us at 210.490.4018.

Language Version Indication <AR_1.10>

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.

Secutor Magnus indicates its OVAL Language version in the Server Details text off the help menu.

Capability Correctness Questions

Error Reporting <AR_2.1>

Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.

All correctness and functional issues should be reported to support@threatguard.com.

Responding to Error Reports <AR_2.2>

Describe the approach to responding to the above error reports and how applicable fixes will be applied.

ThreatGuard responds promptly to error reports without any preconceptions of the content being the source of the error. We try to ascertain and recreate the environment in which the error was found. If we find that the error is a content issue, we convey the problem to the custodian if we have a viable relationship with that custodian to do so. Errors in OVAL logic are corrected immediately and fielded in the next release of the product. Upgrades are available via free download either automatically or at the user’s convenience.

Documentation Questions

Adoption Documentation <AR_3.1>

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.

OVAL adoption is described in Secutor Magnus’ on-board help system along with documentation for XCCDF, CPE, CCE, CVE, CVSS, and SCAP in general.

Language Support <AR_3.2>

List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)

Secutor Magnus supports all OVAL test types and capabilities for Windows, Unix, and Linux as defined in the SCAP v1.2 requirements. The product includes additional support for a variety of other platforms including HP-UX, Solaris, BlackBerry Enterprise Server, VMware ESX, Cisco IOS, IBM AIX, and Apple OSX.

Assessment Method <AR_3.3>

List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)

Query to a database of an endpoint's current configuration settings.
Assessment of state by a host-based sensor.
Assessment of state by a remote-scanning sensor.

OVAL Content Error Reporting <AR_3.4>

Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.

We don't place the burden on our customers to differentiate between content and interpreter problems. Also, we don't automatically assume that a false reading is a content problem. Typically, we find that the customer simply recognizes a general problem and we work with that customer to determine the nature of that problem. If we mutually agree that the problem is indeed a content problem, we follow our content error reporting process.

Content Validity Questions

Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>

Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.

Upon loading content, the user can check the ‘Validate’ checkbox to ensure syntactic correctness.

Type-Specific Capability Questions

Definition Evaluator Capability Questions

Content Transparency <AR_8.1> <AR_8.2>

Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.

Secutor Magnus maintain a trail of OVAL Notes that clearly show the OVAL Definition, each test, and how the outcome of each test falls into the overall logic of the definition's criteria.

Content Import Process Explanation <AR_8.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

We are strong advocates of processing the raw SCAP XML at runtime (including both XCCDF and OVAL). This native processing grants us ultimate flexibility as OVAL evolves and as new use cases are introduced.

Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>

Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.

Once the assessment is performed, the results are organized by target. Summary information is provided per benchmark and OVAL definition collection. Detailed information about each definition is accessed by drilling down through the results. All results are color-coded by status (pass/fail/etc). Additional information is provided including a variety of references including OVAL-ID, CVE, and CVSS vector where available. OVAL Notes are available that clearly show the OVAL Definition, each test, and how the outcome of each test falls into the overall logic of the definition's criteria.

Full OVAL Results <AR_8.8>

Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.

OVAL Results output is currently relegated to one of Magnus' companion products (Prime and S-CAT). These products are included with a license for Secutor Magnus.

One of S-CAT command line options allows designation of the output format to use, include the OVAL FULL Results format.

Results Consumer Capability Questions

Examine Imported Content <AR_9.1> <AR_9.2>

Indicate how users can review OVAL Results that are imported into the product and explain how users can determine which endpoint a particular set of results applies to.

Secutor Magnus can import OVAL results in one of two ways. They can be imported interactively from the File-->Import menu on the Navigator application. The results files can also be copied to the "results" folder on the server and get automatically imported. Multiple results files can be imported at the same time using either method. They are displayed and organized by target in the same way as live assessment results. The hosts are listed by unique IP address, hostname, or other identifiers. When a host is selected, the assessment results of each oval definition are shown in the display. These results can be interactively viewed and/or use to generate human-readable reports.

Content Import Process Explanation <AR_9.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

Users import any valid OVAL content into Secutor Magnus using the Content Manager tool. This loads the content into the included database and is immediately available for use in performing assessments.

Systems Characteristics Producer Capability Questions

Collecting System Data <AR_5.2> <AR_5.3>

Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.

Since our products process the raw OVAL XML at runtime, all criteria required to capture the data necessary for System Characteristics output is inherently a part of every assessment.

Content Export <AR_5.2> <AR_5.3>

Indicate how the product allows users to export OVAL System Characteristics documents.

System Characteristics output is included in the FULL OVAL Results output.

Adoption Signature

Questions for Signature

Statement of Adoption <AR_1.2>

"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."

NAME: Randal S. Taylor
TITLE: Chief Technology Officer

Statement of Accuracy <AR_1.2>

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."

NAME: Randal S. Taylor
TITLE: Chief Technology Officer

Statement on Follow-On Correctness Testing Support <AR_1.7>

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

NAME: Randal S. Taylor
TITLE: Chief Technology Officer

Page Last Updated: February 28, 2014