Compatibility Questionnaire: KACE Networks, Inc. (KBOX 1000 Series Systems Management Appliances) — Archive
Name of Your Organization:
Product/Service Home Page:
Directly from KACE. For more information, see http://www.kace.com or call
Language Version Indication
KBOX 1000 Series appliances contact kace.com nightly for updates to the OVAL Definition and engine files. These files are downloaded and processed by each deployed KBOX 1000 Series appliance. Any changes are pushed out automatically to the client nodes.
The first page shown after logging into the Admin UI is a summary of the current status of the KBOX. This page includes the following OVAL schema information:
- Last successful download
- Total OVAL tests
- OVAL schema version
- OVAL schema timestamp
Approach for Correction of Errors
where it can be reviewed and reproduced.
addressed and after testing, deployed via the automatic nightly download
From the Administrator’s Guide to KBOX 2.1 manual, Chapter 8, Security Module Overview:
The KBOX Security Enforcement and Audit Module uses Open Vulnerability and Assessment Language (OVAL), an internationally recognized standard for detecting security vulnerabilities and configuration issues on computer systems. OVAL is compatible with the Common Vulnerabilities and Exposures (CVE) list, which provides common names used to describe known vulnerabilities and exposures. The ability to describe vulnerabilities and exposures in a common language makes it easier to share security data with other CVE-compatible databases and tools.
About OVAL and CVE
OVAL relies on definitions submitted by members of the security community on the Community Forum, by MITRE Corporation, or by the OVAL Board, to detect vulnerabilities on your network. OVAL uses the vulnerabilities on the CVE List as the basis for most of its definitions. CVE content is determined by the CVE Editorial Board, which is composed of experts from the international information security community. Any new information about a vulnerability that is uncovered as a result of discussions on the Community Forum is sent to the CVE Initiative for possible addition to the list. For more information about CVE, visit http://cve.mitre.org. OVAL definitions pass through a series of phases before being released. Depending on where a definition is in this process, it will likely be assigned a status of DRAFT, INTERIM, or ACCEPTED. Other possible values for status are Initial Submission and Deprecated. For more information about the stages of OVAL definitions, visit http://oval.mitre.org/about/stages.html.
Finding Elements Using OVAL
The KBOX user interface is extremely intuitive. To view the list of OVAL definitions, click the Security button at the top of the UI, then select the "OVAL Tests" tab. The following image describes the OVAL Tests tab contents:
The KBOX 1000 Series user interface is extremely intuitive. To view the results of OVAL scans, click the Security button at the top of the UI, then select the "OVAL Reports" tab. The following image describes the OVAL Reports tab contents:
By clicking on an individual test description, you can see detailed information regarding that specific OVAL test including which machines on your network have failed the test.
OVAL Content Importation Process Explanation
Statement of Compatibility
Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory Compatibility Requirements as well as all of the additional mandatory Compatibility Requirements that are appropriate for our specific type of capability."
Statement of Accuracy
Have an authorized individual sign and date the following Accuracy Statement (recommended):
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of OVAL schema and logic."
Statement on Follow-on Correctness Testing Support
Have an authorized individual sign and date the following statement about your organization's willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved (required):
"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
Page Last Updated: December 17, 2009