Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2368
Views
0
Helpful
0
Comments

OVAL Definitions for the Cisco IOS Software Security Advisories since March 2010

Omar Santos
Cisco Employee
Cisco Employee

‎07-28-2013 10:02 AM - edited ‎03-08-2019 06:51 PM

The Open Vulnerability and Assessment Language (OVAL) is an international community standard to promote open and publicly available security content, and to standardize the transfer of this information in security tools and services. OVAL is part of the Security Content Automation Protocol (SCAP) specifications. OVAL’s main purpose is to assist security administrators by accelerating the process of analyzing a system for the presence of a vulnerability or configuration best practices. MITRE’s OVAL website contains a detailed definition at: http://oval.mitre.org/about/index.html

OVAL speeds up information exchange and processing of such security-related information. Using OVAL security administrators and other users can accelerate the process of detecting software vulnerabilities in Cisco IOS Software. OVAL content (often called “definitions”) can be downloaded directly from Cisco IOS security advisories

OVAL Definitions are XML files that contain information about how to check a system for the presence of vulnerabilities, configuration issues, patches, installed applications, or other characteristics of such system. For vulnerability checks, definitions are written to check for a vulnerability, often identified by a specificCommon Vulnerabilities and Exposures (CVE) identifier. OVAL definitions must comply with the OVAL Definition Schema, and should be written in accordance with the Authoring Style Guide defined by MITRE. MITRE’s “OVAL Definition Lifecycle” website has a detailed description of the OVAL definition process:
http://oval.mitre.org/repository/about/stages.html

You can obtain all OVAL definitions using the Cisco PSIRT openVuln API, the Cisco PSIRT OVAL repository , the Cisco OVAL RSS feed , and at each Cisco IOS security advisory.

Note: CVRF files are available for all security advisories; however, OVAL is only supported in Cisco IOS advisories. Cisco is working with MITRE and the OVAL community to enhance and develop new schemata to enhanced Cisco IOS support and potentially other Cisco Products. Several changes have already been submitted and integrated in MITRE’s OVAL Language Sandbox.

OVAL enables interoperability between security and network management products from different vendors in different vertical markets allowing them to quickly and automatically perform vulnerability and compliance assessment of network infrastructure and networking devices. All organizations participating in the OVAL Adoption Program are listed in MITRE’s website at: http://oval.mitre.org/adoption/participants.html
Many vendors are working on integrating Cisco IOS schemata support into their products. An example of an open source tool that supports the Cisco IOS OVAL schema is jOVAL. For more information about jOVAL visit: http://joval.org

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents