macos_security/SCAP/README.md
Gary Gapinski d019c12841 Merge SCAP content artifacts (#28)
* Introduce SCAP generation code

* Add input creation commands

* Initial documentation

* Parameterize benchmark @id suffix

* Remove OpenSCAP reference

* Remove OpenSCAP reference from README.md

* Change description to simply be the title

* Remove <notice>

* Parameterize data stream collection suffix

* Make inclusion of SCAP references optional by default.

* Pursue elusive document version

* Comment out debug message

* Correct typo in Makefile

* Correct emit-namespaces and emit-schemaLocation

Both currently unused at this time

Insert xml-model processing instruction for SCAP schema

* Provide transform to indent and excise some node types

This can be used to render concise SCAP XML documents a bit easier to read.
(But at the cost of increased size).

XML comment and processing-instruction nodes will be excised.

The transform can be used with any XSLT 1.0+
implementation (such as xsltproc).

* Add timestamp to report

and identify description

* Remove superfluous <mark> element

* Pursue wandering contributors

* Add validation example to Makefile

* Add "-g" argument to generate_guidance.py

* Remove xsi:schemaLocation removal

* Correct xsi:schemaLocation targets

* Add validation step

* Correct xsi:schemaLocation targets (again)

To use absolute locations

* Add CPE 2.3 platform designation

* Correct intra-document CPE-related constructs

* Correct double-reversed id "namespace" and "name"

* Correct double-reversed id "namespace" and "name"

* Correct Group warning selection

* Tidy up document pre-root comments

* Remove validation step from default make

Add SCAP and NVD references.

* SCAP 1.3 Schematron rules

Find errors missed by others.

Not part of build steps.
2020-11-06 09:34:32 -05:00


SCAP Content Generation

Generation of SCAP content uses XSLT to create an XCCDF document with an accompanying OVAL document, bundled into an SCAP data stream collection document.

Steps:

  • Generate the "all rules" variant of the checklist in HTML form.
  • Generate the "all rules" variant of the checklist in OVAL form.
  • Generate the XCCDF document using the "all rules" checklist and OVAL as inputs.
  • Generate the SCAP data stream document using the XCCDF and OVAL documents.
  • Generate a report from the XCCDF document to be used for quality checking.

These steps are configured within the Makefile.

Dependencies

The supplied Makefile relies on the following components:

  • HTML Tidy — Tidy is an HTML/XML syntax checker and reformatter.

  • Saxon 10 — Saxon is an XSLT 3.0 implementation. The HE variant, which is open source, will suffice for the XSL transformations.

Optional components

SCAP References

Security Content Automation Protocol (SCAP) 1.3

The NIST SCAP 1.3 page links to most of the SCAP-related normative documents (the SCAP 1.3 specification and the XCCDF, OVAL, OCIL and CPE specifications it references).

An SCAP source data stream consists of several XML documents embedded, as components, in a containing data stream collection document; the data stream refers to each component through a component reference, and an XML catalog inside the checklist's component reference maps the file names used by the XCCDF checks onto those references. The component documents are typically:

  • An XCCDF document
  • An OVAL document referenced by the XCCDF document
  • An OCIL document referenced by the XCCDF document
  • A CPE dictionary document referenced by the XCCDF document
  • An OVAL document referenced by the CPE dictionary document
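The following is an added example, not the project's generator (which is XSLT driven by the Makefile). It shows, for the generation steps above and for the component structure just listed, what "bundling" an XCCDF document and an OVAL document into a data stream collection amounts to, and then performs the kind of reference consistency check the quality-report step is there for: every component reference must resolve to a component, every catalog entry to a component reference, and every XCCDF check-content-ref to a catalog entry and an OVAL definition. The namespaces and the scap_<reverse-DNS>_<type>_<name> id scheme are those of SCAP 1.2/1.3 and XCCDF 1.2; the reverse-DNS label org.example, the one-rule benchmark and the OVAL stub (which omits the generator block and is not schema-valid) are constructed for illustration. It only covers OVAL checks, not the OCIL and CPE components, and it is no substitute for the schema and Schematron validation the Makefile runs.

```python
# Added example (not the project's XSLT generator): wrap an XCCDF benchmark
# and its OVAL document into an SCAP 1.3 source data stream and check that
# the intra-document references resolve. Namespaces follow SCAP 1.2/1.3 and
# XCCDF 1.2; "org.example" and the two sample documents are constructed.
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://scap.nist.gov/schema/scap/source/1.2",
    "xlink": "http://www.w3.org/1999/xlink",
    "cat": "urn:oasis:names:tc:entity:xmlns:xml:catalog",
    "xccdf": "http://checklists.nist.gov/xccdf/1.2",
    "oval": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed one-rule benchmark; its check names the OVAL file as "oval.xml".
XCCDF = """<xccdf:Benchmark xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
    id="xccdf_org.example_benchmark_macos">
  <xccdf:status>draft</xccdf:status>
  <xccdf:title>Example macOS benchmark</xccdf:title>
  <xccdf:version>1</xccdf:version>
  <xccdf:Rule id="xccdf_org.example_rule_firewall" selected="true" severity="medium">
    <xccdf:title>Enable the application firewall</xccdf:title>
    <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <xccdf:check-content-ref href="oval.xml" name="oval:org.example:def:1"/>
    </xccdf:check>
  </xccdf:Rule>
</xccdf:Benchmark>"""

# Constructed OVAL stub (no generator block, so not schema-valid); only the
# definition id matters for the reference check below.
OVAL = """<oval:oval_definitions xmlns:oval="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <oval:definitions>
    <oval:definition id="oval:org.example:def:1" version="1" class="compliance"/>
  </oval:definitions>
</oval:oval_definitions>"""


def build_data_stream(xccdf_xml, oval_xml, label="macos", rdns="org.example",
                      timestamp="2020-11-06T09:34:32"):
    """Return a ds:data-stream-collection element wrapping the two documents.

    Each component-ref points at a component via xlink:href="#id". The XML
    catalog under the checklist's component-ref maps every href used by the
    XCCDF check-content-ref elements to the OVAL component-ref, which is how a
    scanner resolves "oval.xml" without consulting the file system.
    """
    ds, xl, cat = ("{%s}" % NS[k] for k in ("ds", "xlink", "cat"))
    comp = {k: f"scap_{rdns}_comp_{label}_{k}" for k in ("xccdf", "oval")}
    cref = {k: f"scap_{rdns}_cref_{label}_{k}" for k in ("xccdf", "oval")}
    xccdf_doc, oval_doc = ET.fromstring(xccdf_xml), ET.fromstring(oval_xml)

    root = ET.Element(ds + "data-stream-collection",
                      {"id": f"scap_{rdns}_collection_{label}", "schematron-version": "1.3"})
    stream = ET.SubElement(root, ds + "data-stream",
                           {"id": f"scap_{rdns}_datastream_{label}",
                            "scap-version": "1.3", "use-case": "CONFIGURATION"})
    # Order within ds:data-stream is fixed by the schema: checklists before checks.
    xccdf_ref = ET.SubElement(ET.SubElement(stream, ds + "checklists"), ds + "component-ref",
                              {"id": cref["xccdf"], xl + "href": "#" + comp["xccdf"]})
    catalog = ET.SubElement(xccdf_ref, cat + "catalog")
    hrefs = {r.get("href") for r in xccdf_doc.findall(".//xccdf:check-content-ref", NS)}
    for href in sorted(hrefs):
        ET.SubElement(catalog, cat + "uri", {"name": href, "uri": "#" + cref["oval"]})
    ET.SubElement(ET.SubElement(stream, ds + "checks"), ds + "component-ref",
                  {"id": cref["oval"], xl + "href": "#" + comp["oval"]})
    for key, doc in (("xccdf", xccdf_doc), ("oval", oval_doc)):
        ET.SubElement(root, ds + "component", {"id": comp[key], "timestamp": timestamp}).append(doc)
    return root


def check_references(root):
    """Return a list of dangling intra-document references (empty when consistent).

    A dangling component-ref, catalog entry or OVAL definition id makes a
    scanner skip or fail the affected rules instead of evaluating them.
    """
    problems = []
    comp_ids = {c.get("id") for c in root.findall("ds:component", NS)}
    cref_ids = {c.get("id") for c in root.findall(".//ds:component-ref", NS)}
    oval_ids = {d.get("id") for d in root.findall(".//oval:definition", NS)}
    catalog = {u.get("name") for u in root.findall(".//cat:uri", NS)}
    for ref in root.findall(".//ds:component-ref", NS):
        target = ref.get("{%s}href" % NS["xlink"], "")
        if not target.startswith("#") or target[1:] not in comp_ids:
            problems.append(f"component-ref {ref.get('id')}: {target!r} names no component")
    for uri in root.findall(".//cat:uri", NS):
        target = uri.get("uri", "")
        if not target.startswith("#") or target[1:] not in cref_ids:
            problems.append(f"catalog entry {uri.get('name')!r}: {target!r} names no component-ref")
    for ccr in root.findall(".//xccdf:check-content-ref", NS):
        if ccr.get("href") not in catalog:
            problems.append(f"check-content-ref href {ccr.get('href')!r} has no catalog entry")
        if ccr.get("name") and ccr.get("name") not in oval_ids:
            problems.append(f"check-content-ref name {ccr.get('name')!r} is not an OVAL definition")
    return problems


def serialize(root):
    """Serialize the collection with the registered ds/xlink/cat/xccdf/oval prefixes."""
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    collection = build_data_stream(XCCDF, OVAL)
    print(serialize(collection))
    print("reference problems:", check_references(collection) or "none")
```

Running it prints the assembled collection and "none" for the reference problems; editing the XCCDF's check-content-ref name to an id the OVAL document does not define makes check_references report it, which is exactly the class of mistake (ids reversed, targets mis-addressed) that the commit history above shows being corrected by hand.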

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

National Checklist Program Repository