Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
A21 | 1 (of 2) |
INFO | SCHEMATRON | oval:gov.nist.validation.cpe.oval:tst:101 - The OVAL test type is not checked in the NIST SCAP Validation Program. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][3]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:tests[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:rpminfo_test[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5#linux'][1] | exists(document(concat('','/validation_program_oval_test_types.xml'))/test_types/test_type[@namespace eq namespace-uri(current()) and @name eq local-name(current())]) |
A21 | 1 (of 2) |
INFO | SCHEMATRON | oval:gov.nist.validation.cpe.oval:tst:1102 - The OVAL test type is not checked in the NIST SCAP Validation Program. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][3]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:tests[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:plist510_test[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5#macos'][1] | exists(document(concat('','/validation_program_oval_test_types.xml'))/test_types/test_type[@namespace eq namespace-uri(current()) and @name eq local-name(current())]) |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:1 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:2 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][2] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:3 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][3] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:4 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][4] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:5 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][5] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:6 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][6] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:7 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][7] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:8 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][8] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
207-1 | 1 (of 9) |
WARN | SCHEMATRON | oval:nist.validation.r3005:def:9 - OVAL definitions of class 'compliance' should include a reference to a CCE, where applicable. | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][2]/*:oval_definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definitions[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][1]/*:definition[namespace-uri()='http://oval.mitre.org/XMLSchema/oval-definitions-5'][9] | if(@class eq 'compliance') then exists(oval-def:metadata/oval-def:reference[matches(@source,'^(http://cce.mitre.org|CCE)$')]) else true() |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_1 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_2 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][2] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_3 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][3] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_4 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][4] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_5 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][5] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_6 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][6] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_7 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][7] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_8 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][8] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_9 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][9] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
251-1 | 1 (of 10) |
WARN | SCHEMATRON | xccdf_gov.nist_rule_validation.r3005_rule_10 - An xccdf:Rule should include an xccdf:ident containing a CVE, CCE, or CPE | /*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]/*:Rule[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][10] | exists(xccdf:ident[matches(@system,'^(http://cce.mitre.org|http://cve.mitre.org|http://cpe.mitre.org)$')]) |
Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
330-3 | 2 (of 4) |
WARN | SCHEMATRON | Warning: The 'Benchmark' element has no platform specified, which implies the benchmark applies to all platforms. Applicable platforms should be indicate if possible. See the XCCDF 1.2.1 specification, Section 6.2.5. | /*[local-name()='Benchmark'] /*[local-name()='Benchmark'] |
false() |
330-3 | 2 (of 4) |
WARN | SCHEMATRON | Warning: All 'check' elements have non-empty @selector attribute values. This means that, by default, no 'check' element is used. To designate a default, remove the @selector from the desired default element. See the XCCDF 1.2.1 specification, Section 6.4.4.4. | /*[local-name()='Benchmark']/*[local-name()='Rule'][4] /*[local-name()='Benchmark']/*[local-name()='Rule'][4] |
false() |
Requirement | Count | Level | Type | Description | Location | Test |
---|---|---|---|---|---|---|
330-3 | 3 (of 3) |
WARN | SCHEMATRON | Warning: The 'cpe:/' prefix (CPE URI binding) is allowed within an @idref attribute, but the CPE Formatted String binding is preferred. See the XCCDF 1.2.1 specification, Section 6.2.5. | /*[local-name()='Tailoring']/*[local-name()='Profile']/*[local-name()='platform'][1] /*[local-name()='Tailoring']/*[local-name()='Profile']/*[local-name()='platform'][2] /*[local-name()='Tailoring']/*[local-name()='Profile']/*[local-name()='platform'][3] |
false() |
Statistic Type | Statistic ID | Test Name | Value |
---|---|---|---|
COUNT | RULE_COUNT | 10 | |
COUNT | RULE_COUNT | 10 | |
COUNT | RULE_OVAL_COUNT | 52 | |
COUNT | RULE_OCIL_COUNT | ||
COUNT | RULE_OCIL_ONLY_COUNT | ||
COUNT | RULE_CCE_COUNT | ||
COUNT | RULE_TEST_COUNT | variable_test | 18 |
COUNT | RULE_TEST_COUNT | family_test | 6 |
COUNT | RULE_TEST_COUNT | rpminfo_test | 2 |
COUNT | RULE_TEST_COUNT | plist510_test | 2 |