Section 22.224 Security Content Automation and Protocol (SCAP) Flashcards

Objective 4.4 Explain security alerting and monitoring concepts and tools

1
Q

Security Content Automation and Protocol (SCAP)

A

Suite of open standards that enhances the automation of vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organisation

■ Developed by the National Institute of Standards and Technology (NIST)

■ Enhances the automation of security tasks, including the following…
● Vulnerability scanning
● Configuration checking
● Software inventory

2
Q

Components of SCAP

A

SCAP comprises a suite of open standards used to automate security tasks

■ Supports standardised vulnerability scanning, results reporting, and scoring

■ Promotes vulnerability prioritisation and compliance with internal and external requirements

■ Ensures that different security tools communicate using the same SCAP formatted data

3
Q

SCAP Languages

OVAL (Open Vulnerability and Assessment Language)

A

XML schema for describing system security states and querying vulnerability reports

4
Q

SCAP Languages

XCCDF (Extensible Configuration Checklist Description Format)

A

XML schema for developing and auditing best-practice configuration checklists and rules

● Allows improved automation

5
Q

SCAP Languages

ARF (Asset Reporting Format)

A

XML schema for expressing information about assets and their relationships

● Vendor and technology neutral
● Flexible
● Suited for a wide variety of reporting applications

6
Q

Enumeration Methods in SCAP

CCE (Common Configuration Enumeration)

A

Scheme for provisioning secure configuration checks across multiple sources

● Provides unique identifiers for different system configuration issues

7
Q

Enumeration Methods in SCAP

CPE (Common Platform Enumeration)

A

Identifies hardware devices, operating systems, and applications

● Standard format: cpe:/part:vendor:product:version:update:edition:language

EternalBlue
WannaCry ransomware

8
Q

Enumeration Methods in SCAP

CVE (Common Vulnerabilities and Exposures)

A

Describes publicly known vulnerabilities with unique identifiers

● Standard format:
○ CVE-[year first documented]-[number]
○ Example: CVE-2017-0144

9
Q

Enumeration Methods in SCAP

Common Vulnerability Scoring System (CVSS)

A

Used to provide a numerical score reflecting the severity of a vulnerability (0 to 10)

■ Scores are used to categorise vulnerabilities as none, low, medium, high, or critical

■ Scores assist in prioritising remediation efforts but do not account for existing mitigations

Severity ratings by score (in terms of criticality):

● 0 = None
● 0.1 - 3.9 = Low
● 4.0 - 6.9 = Medium
● 7.0 - 8.9 = High
● 9.0 - 10.0 = Critical

10
Q

SCAP Benchmarks

Benchmarks

A

● Sets of security configuration rules for specific products to establish security baselines

● Provide a detailed checklist that can be used to secure systems to a specific baseline

■ Expressed in the XCCDF format and used for compliance testing

■ Many SCAP benchmarks are available for different systems and applications, supporting proper system configuration and vulnerability identification

11
Q

Examples of SCAP Benchmarks

Red Hat Enterprise Linux Benchmark

A

Provides security configuration rules for Red Hat Enterprise Linux

● CIS Microsoft Windows 10 Enterprise Benchmark

○ Includes security configuration rules for Microsoft Windows 10 Enterprise

12
Q

Three languages used in SCAP

A

● OVAL
● XCCDF
● ARF
