Related Efforts

This page notes other cyber security structuring and standardization efforts that have direct relationships to OVAL. The name of the effort and a brief description of it and its relationship to OVAL are included below.

Common Vulnerabilities and Exposures (CVE®)

OVAL Vulnerability Definitions are based primarily on CVE, a dictionary of standardized identifiers and descriptions for publicly known information security vulnerabilities and exposures developed by The MITRE Corporation in cooperation with the international security community.

In addition, the OVAL Repository is registered as "Officially CVE-Compatible" by the CVE project. For detailed information, see our Statement of CVE Compatibility.

Extensible Configuration Checklist Description Format (XCCDF)

XCCDF is an XML-based specification language for expressing security configuration checklists and other sets of system assessment rules that point to other XML documents such as OVAL and Open Checklist Interactive Language (OCIL) documents, which contain the actual instructions for performing the checks. In addition, OVAL, XCCDF, and OCIL are the main checking languages used by Security Content Automation Protocol (SCAP).

Open Checklist Interactive Language (OCIL™)

OCIL provides a standardized framework for collecting information from people so that their responses are machine-readable for processing by software products.

OCIL can be used in conjunction with OVAL when portions of an assessment cannot be automated and require operator input for certain questions. In addition, both OVAL and OCIL produce XML-based output so results can be combined to produce a report or lead to an action.

OVAL, OCIL, and Extensible Configuration Checklist Description Format (XCCDF) are the main checking languages used by Security Content Automation Protocol (SCAP).

Making Security Measurable (MSM)

MSM is a gathering place for information about a variety of cyber security structuring and standardization efforts, including OVAL.

MSM provides enterprises and practitioners in all of areas of cyber security a single location to tie a variety of efforts together, in order to help make enterprise cyber security more manageable and measurable.

Security Content Automation Protocol (SCAP)

SCAP and other efforts seeking to improve and automate the cyber security ecosystem.

OVAL is a main component of SCAP, which uses OVAL and other existing standards to enable enterprise solutions for automated vulnerability management, measurement, and policy compliance.

OVAL SCAP content is hosted in the U.S. National Vulnerability Database (NVD).

U.S. National Vulnerability Database (NVD)

NVD is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).

NVD includes OVAL-IDs as references and is searchable by OVAL-ID. NVD also hosts OVAL SCAP content.

Back to top

Page Last Updated: February 01, 2013