OVAL in Use
As the standard for determining vulnerability and configuration issues on computer systems, the OVAL Language and OVAL content are used in numerous information security products and services from around the world. OVAL also helps in Making Security Measurable.
Use of OVAL in information security products and services enhances these areas of enterprise security:
Sponsor: CS&C
Government
Security Content Automation Protocol (SCAP)
OVAL is one of ten existing standards the U.S. National Institute of Standards and Technology’s (NIST) SCAP to enable automated vulnerability management, measurement, and policy compliance evaluation.
Extensible Configuration Checklist Description Format (XCCDF)
XCCDF’s default configuration checking technology is OVAL.
DoD Contracts
U.S. Defense Information Systems Agency (DISA) issued Task Order 232 in June 2004 for information assurance applications for the Department of Defense (DoD) that requires the use of products that use OVAL.
Databases Including OVAL-IDs
The following host OVAL content, which can include OVAL Definitions, OVAL System Characteristics files, and/or OVAL Results files:
- The OVAL® Repository
- Altx-Soft Repository of OVAL Content
- Cisco Security Intelligence Operations repository
- Debian Project’s OVAL Definitions
- DISA FSO STIGs SCAP repository
- IT Security Database Repository of OVAL Content
- NIST’s SCAP Repository of OVAL Content
- Novell, Inc.’s SUSE Linux Enterprise OVAL Information database
- Positive Technologies CJSC’s Repository of OVAL Content
- Red Hat, Inc.’s OVAL Patch Definitions
- SECURITY-DATATBASE
- SecPod Technologies SCAP Feed and Repository
Sponsor, OVAL Repository: CS&C
Community
Platforms Incorporating the OVAL Interpreter
- Debian 5.3-1 (Debian Project)
- openSUSE 10.3 (Maitreya Security)
- Fedora 7 / Fedora 8 (Red Hat, Inc.)
Databases and Advisories Including OVAL-IDs
- Open Source Vulnerability Database (OSVDB)
- SecuritySpace.com
- French Security Incident Response Team (FrSIRT)
- Slovenian Computer Emergency Response Team (SI-CERT)
Common Announcement Interchange Format (CAIF)
RUS-CERT’s CAIF documents are able to incorporate OVAL Definitions.
Service Oriented Architecture (SOA)
PatchLink Corporation’s SOA is built around OVAL in order to encourage cooperative development and interoperability between vendor products.
Page Last Updated: May 07, 2013
