OVAL - Compatibility Questionnaire: ThreatGuard (ThreatGuard 4.5)

Compatibility Questionnaire: ThreatGuard (ThreatGuard 4.5) — Archive

Important: The OVAL Compatibility Program was moved to "archive" status in December 2009, and replaced with the "OVAL Adoption Program." Under the OVAL Adoption Program product validation is performed by an external organization, allowing the OVAL Team to focus on educating vendors on best practices regarding the use and implementation OVAL and on how OVAL can continue to evolve as needed by the community.

Refer to the OVAL Adoption Program section for addition information and to review all products and services listed.

General Capability Questions | Accuracy Questions | Documentation Questions | Capability Specific Questions | Statements

Organizational Information

Name of Your Organization:

ThreatGuard

Web Site:

http://www.ThreatGuard.com

Product Information

Product/Service Name:

ThreatGuard 4.5

Compatible Categories:

OVAL Definition Consumer
OVAL Results Producer

Product/Service Home Page:

http://www.ThreatGuard.com

General Capability Questions

Product Accessibility

Provide a short description of how and where your capability is made available to your customers and the public:

ThreatGuard is a single network appliance that provides 24/7, low-impact scanning for vulnerabilities. Multiple appliances can be tied together in a ThreatShield configuration for multi-site correlation of an organization's exposures. These appliances can be purchased through ThreatGuard's dynamic network of Value-Added Resellers (VARs). They can also be purchased directly from ThreatGuard (http://www.threatguard.com/contact.htm).

Accuracy Questions

Language Version Indication

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content:

The ThreatGuard Navigator client application shows the most recent OVAL Schema version used in the "About" screen. This is accessed from the main Navigator menu bar.

Approach for Correction of Errors

Indicate how a user who discovers an error in the capability's use of OVAL can report the error:

We accept email notification of such errors. In response, we work with the reporter (where necessary) to recreate the target environment and thus recreate the error.

Describe the approach to responding to the above error reports and how applicable fixes will be applied:

We apply the fix, perform regression testing across our test lab, then distribute the fix (new software or revised definition) via our centralized live-update system. All Internet-connected appliances will download and install the update wihtin 24 hours. Clients with appliances on closed networks will receive an update CD.

Documentation Questions

Compatibility Documentation

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Compatibility for any customers:

From APPENDIX D of the ThreatGuard User's Manual

About OVAL

Open Vulnerability and Assessment Language (OVAL) is an international, information security community baseline standard for how to check for the presence of vulnerabilities and configuration issues on computer systems. OVAL standardizes the three main steps of the process: collecting system characteristics and configuration information from systems for testing; testing the systems for the presence of specific vulnerabilities, configuration issues, and/or patches; and presenting the results of the tests.

For more information on the OVAL project, please reference "http://oval.mitre.org/about/". Details about OVAL-Compatibility and OVAL-ID Compatibility can be found at "http://oval.mitre.org/compatible/index.html".

Language Support

Indicate the component schemas and/or individual OVAL Tests that the capability does not support for each category of OVAL Compatibility being applied for:

ThreatGuard supports all schemas.

Capability Specific Questions

Finding Elements Using OVAL

Provide details regarding how users can identify and find individual OVAL content (through OVAL-IDs) that is being consumed by the capability. For example, how can a user determine which definitions have been consumed and what the result of each definition is:

From APPENDIX D of the ThreatGuard User's Manual

Finding Vulnerabilities by OVAL ID

The ThreatGuard Navigator allows you to search for vulnerabilities by OVAL ID. The bottom, left-hand corner of the main window has a Search pane as shown at the top of Figure D1. Adjust the search parameter to "OVAL ID", type in the OVAL ID of interest and click the Search button. The Search Results window (also shown in Figure D1) is displayed, holding the title, description, and solution for the vulnerability, as well as all related hosts.

Figure D1

OVAL Content Importation Process Explanation

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability:

ThreatGuard's products will accept user-defined OVAL content at runtime.

Statements

Statement of Compatibility

Have an authorized individual sign and date the following Compatibility Statement (required):

"As an authorized representative of my organization I agree that we will abide by all of the mandatory Compatibility Requirements as well as all of the additional mandatory Compatibility Requirements that are appropriate for our specific type of capability."

Name:		Robert L. Hollis
Title:		Director of Product Development

Statement of Accuracy

Have an authorized individual sign and date the following accuracy Statement (recommended):

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of OVAL schema and logic."

Name:		Robert L. Hollis
Title:		Director of Product Development

Statement on Follow-on Correctness Testing Support

Have an authorized individual sign and date the following statement about your organizations willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved. (required):

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

Name:		Robert L. Hollis
Title:		Director of Product Development

Page Last Updated: December 17, 2009

Items of Interest

Compatibility Archive