Date Sent: 3/17/2014 Date Completed: 4/2/2014 Ballot: * Item 1: To include the win-def:ntuser_test in the official 5.11 version of the OVAL Language. Overall Results: Yes: 10 No: 6 Total Organizations: 24 Quorum Required: 13 Total Vote: 16 Individual Results: Organization Vote -------------------------------------------------------------------------------------- Assuria Limited Y BeyondTrust, Inc. N IBM Corporation N INADEV Corporation Y Lancope, Inc. -------------------------------------------------------------------------------------- jOVAL.org Y McAfee, Inc. N Modulo N Qualysys, Inc. Y RSA Security -------------------------------------------------------------------------------------- SecPod Technologies Symantec Corporation Y ThreatGuard, Inc. N Cisco Systems, Inc. Microsoft Corporation -------------------------------------------------------------------------------------- Red Hat, Inc. N Center for Internet Security Y Depository Trust & Clearing Corporation (DTCC) Y Rockport Systems Unified Compliance -------------------------------------------------------------------------------------- Nils Puhlmann (individual) National Institute of Standards and Technology Y SPAWAR, U.S. Navy Y MITRE Corporation Y -------------------------------------------------------------------------------------- Background: Jack Vander Pol of SPAWAR proposed and added to the sandbox, the win-def: ntuser_test to allow for the assessment of Windows user accounts via NTUser.dat files. The attached form contains detailed information about the proposal. The following links to the oval-developer-list discussion on this topic: http://making-security-measurable.1364806.n2.nabble.com/NT-User-Test-follow-up-tp7581359.html http://making-security-measurable.1364806.n2.nabble.com/FOR-REVIEW-Windows-ntuser-Proposal-Form-tp7582537.html It is important to note that during conversations over the oval-developer-list on this topic, two concerns were raised: 1. That a more comprehensive offline registry test was needed and that this should be considered a sub-case of that test. 2. That the implementation requires the use of APIs for which Microsoft has not officially provided documentation. From the conversation found in thread linked above, the consensus regarding (1) seemed to be that while this could be part of a broader offline registry test, the NT User case has slightly different requirements and that this was still an important test to include. With respect to (2), while Microsoft does not provide documentation on the file format directly, it has been stable since NT 4.0. This remains a valid concern and should be considered as part of this proposal.