Hello Group,
I am wondering has anyone of experience on translating Open Vulnerability
Assessment Language (OVAL) vulnerability descriptions into CFengine policy
rules? As CFengine offers a powerful distributed agent framework that if
combined with the OVAL vulnerability language, can provide an efficient
strategy for aligning security aspects on autonomic environments.
Similarly, I came across (SCAP-- http://scap.nist.gov/) which uses six
different components such as OVAL, XCCDF and also
includes a list of all known security related software flaws (CVE), a
list of known software configuration issues (CCE), and a list of
standard vendor and product names (CPE).
Can anyone share any experiences on SCAP or OVAL consideration while
implementing CFengine.
Thanks in advance for help.
-Jan
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
