Changes in the 1-3.0.0.0 FINAL [since version 1-3.0.0.0 RC2] Release date: 07/31/2020 1. Improved inventory definition for a Windows Domain Controller to mathch any domain name that start with "SCAPLAB" 2. Fixed typo (SCAPLAB" or "SCAPLAB[01-99]" (i.e. SECLAB11.local)) in the implementation guide\quick guide. 3. Improved the OVAL inventory definitions for “platform_win_server_dc” and “platform_win_domain_member” to correctly detect the target platform 1) The new Domain Controller suite has expected results in the catalog of “not applicable” for most rules, however, we find that the platform requirements are actually all met on a domain controller target, meaning that most of our rules actually result in pass/fail. Were you expecting a target that matches “platform_win_server_dc” would not match “platform_win_domain_member”? On our target machine, the domain server matches both platform tests. 2) The second issue is that all the other suites are missing expected results in the catalog for the 37 new rules (i.e.., xccdf_gov.nist_rule_user_test_dc-XX, where 1<= XX <= 37) that were introduced for the new domain controller suite. 3. Updated the tests for the xccdf_gov.nist.validation.winNtuser_rule_61 through 70 to resolve a possible issue when the config scripts ran as a local admin. Changes in the 1-3.0.0.0 RC2 [since version 1-3.0.0.0 RC1] Release date: 10/21/2019 1. The oval:nist.validation.winSid:ste:36 does not count for the naming convention of computer name Fix: Updated the oval:nist.validation.winSid:ste:36 to allow three digits for the computername. Updated files: r1100-scap12-win-datastream.xml, and windows-datastream.xml 2. Possible issues with win-def:wuaupdatesearcher_test on Windows 7 Fix: Updated the following tests: oval:nist.validation.winWuaUpdateSearcher:tst:12, 15, 19, 31, 33, 37, and 39. 3. The following rules reference an incorrect OVAL ID: oval:nist.validation.winFile:def:41, 42, 43, 44, 45, and 46. Fix: Updated the affected rules and the catalog file. 4. Issue: File "win_file_config1.py", line 67, in performConfig f = open(file3, 'w') Fix: updated the "win_file_config1.py" to create the necessary folder if not exist. 5. Issue: the following tests don't comply with the schematron rules: oval:nist.validation.textFileContent54:tst:63, oval:nist.validation.textFileContent54:tst:72, oval:nist.validation.linux_textFileContent54:tst:63, and oval:nist.validation.linux_textFileContent54:tst:72. Fix: updated the affected tests to comply with the schematron rules. 6. Updated the R1100 data streams to use unique IDs 7. Updated the test oval:nist.validation.winUserSid:tst:15 to prevent a possible mismatch on Windows 10. 8. Updated the command_line pattern match for oval:nist.validation.winProcess58-w10:obj:3 to count for "/NOUACCHECH" argument on Windows 10. 9. Improved the cleanup scripts. 10.Updated the object oval:nist.validation.macosplist510test:obj:8100 to reduce the scanning time. 11.The following rules have been removed due to changes in RHEL (ftp_home_dir boolean was removed from RHEL 7.6): xccdf_gov.nist_rule_SELinux_rhel7-0356, xccdf_gov.nist_rule_SELinux_rhel7-0357, xccdf_gov.nist_rule_SELinux_rhel7-0358, xccdf_gov.nist_rule_SELinux_rhel7-0359, and xccdf_gov.nist_rule_SELinux_rhel7-0360. 12.Updated the OVAL state oval:nist.validation.linuxPartition:ste:16 to support xvda* storage devices. 13. Updated Unix uname tests 43 and 44 to match UTC time zones. 14. Updated win_regkeyeffectiverights53 tests to use the "Backup Operators" group instead "Power Users" to avoid a possible issues on Windows Server 2012 R2. 15. Updated the regex used by oval:nist.validation.winUser:obj:3 and oval:nist.validation.winUser:obj:4 to match the info provided in the documentation. 16. Fixed mismatches for the xccdf_gov.nist.validation.winLicense_rule_xx [5, 15, 21, 22, 23, 24, 25] on Windows Server 2012 R2 17. Fixed mismatch for xccdf_gov.nist.validation.winSidSid_rule_4 and winSidSid_rule_13 on Windows Server 2012 R2 and Windows 10 18. Corrected the expected result for xccdf_gov.nist.validation.winSidSid_rule_10 and winSidSid_rule_16 in the catalog. 19. Updated the tests "oval:nist.validation.winNtuser:tst:31" and "oval:nist.validation.winNtuser:tst:37" to avoid a possible mismatch on Windows 10. 20. Added new test requirements for Windows Server 2012 R2 Domain Controllers ############################################################################### ############################################################################### ############################################################################### SCAP Validation Test Content version 1-3.0.0.0 RC1 Release date: 04/05/2019 The tests included in this Release Candidate may change in the final release.