Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Security Content Automation Protocol

Open Checklist Interactive Language (OCIL)

The Open Checklist Interactive Language (OCIL) defines a framework for expressing a set of questions to be presented to a user and corresponding procedures to interpret responses to these questions. Although the OCIL specification was developed for use with IT security checklists, the uses of OCIL are by no means confined to IT security. Other possible use cases include research surveys, academic course exams, and instructional walkthroughs.

In IT security, organizations work with security policies that detail the information that needs to be secured and the security requirements that must be met to ensure the information is protected accordingly. To verify compliance with security requirements, Federal agencies have already implemented security technologies that support the Security Content Automation Protocol (SCAP). OCIL is considered an emerging specification, so it is not currently included in SCAP. However, OCIL can still be used in conjunction with SCAP specifications such as XCCDF to help handle cases where lower-level checking languages such as OVAL are unable to automate a particular check. In short, OCIL provides a standardized approach to express and evaluate non-automated (i.e., manual) security checks.

OCIL provides the conceptual framework for representing non-automatable questions. The following list defines the features supported by OCIL:

  • Ability to define questions (of type Boolean, Choice, Numeric, or String)
  • Ability to define possible answers to a question from which the user can choose
  • Ability to define actions to be taken resulting from a user's answer
  • Ability to enumerate the result set

The OCIL Discussion List is available for developers interested in OCIL. Please subscribe to this list through the SCAP Community page.

OCIL Resources

OCIL 2.0 Resources (April 7, 2011)

Specification:

NISTIR 7692

XML Schema Files: [what is a schema?]

OCIL 2.0 Schema (XSD 1.0)

OCIL 1.1 Resources (May 20, 2009)

XML Schema Files: [what is a schema?]

OCIL Schema (XSD 1.0)

Sample Files:

General-Mitre-OCIL-1.xml

scap-win2000-OCIL.xml

Documentation:

OCIL Language Specification

OCIL Schema Element Dictionary

OCIL Changelog

OCIL 1.0 Resources (December 2, 2008)

XML Schema Files: [what is a schema?]

OCIL Schema (XSD 1.0)

Sample Files:

General-Mitre-OCIL-1.xml

scap-win2000-OCIL.xml

Documentation:

OCIL Language Specification

OCIL Schema Element Dictionary

OCIL Changelog

OCIL Interpreter

The OCIL Interpreter is a standalone Java GUI implementation that demonstrates how an interactive schema document can be evaluated. It guides the end user in completing questionnaires (one question at a time), viewing and computing results.

OCIL Interpreter Resources

Download:

Download Page

Project Page

Created December 07, 2016, Updated September 20, 2018