Hi Peter,
>1. Anyone who has tinkered with SCAP content for Mac OS X (a little or a lot!).
This includes creating OVAL and XCCDF content for use by commercial systems.
We have created a few sample OVAL Definitions (vulnerability and inventory) for Mac
OS X that can be found in the OVAL Repository. They can be found at the following link.
http://oval.mitre.org/repository/data/SearchDefinitionAdv?family=2&advsearch=Search
We have also created OVAL Test Content for Mac OS X. The Mac OS X test content can
be found at the following link.
http://ovaltestcontent.svn.sourceforge.net/viewvc/ovaltestcontent/trunk/macos/
>2. Any vendor who has supplied any level of OS X SCAP content or clients, including
them as part of a test or released system. (I get emails from many of you already but would like to know specifics on how extensive your >OSX client capabilities are.)
The OVAL Interpreter’s capabilities on Mac OS X are limited and only include support
for certain tests in the UNIX and Independent schemas. It does not currently support any tests specific to the Mac OS schema. However, our work is driven by the needs of the community so if there is a strong demand from the community to support additional
capabilities on Mac OS X, we can adjust our priorities accordingly.
>3. Anyone who's company, institution, or branch of government has begun a project
using SCAP to validate OS X system configurations. Q: Are you required to do this? If so, please include policy or regulation number.
We know the IRS is working to develop SCAP content for Mac OS X.
>4. Anyone who, like myself, is interested in this subject. (I'm not excluding anyone!)
Yes, the OVAL Team would be glad to help out where we can and we can reach back to
the Mac OS X domain experts here at MITRE when needed.
Thanks,
Danny
From: fed-talk-bounces+dhaynes=email@hidden [mailto:fed-talk-bounces+dhaynes=email@hidden]
On Behalf Of Link, Peter R.
Sent: Wednesday, August 29, 2012 10:15 AM
To: email@hidden Talk; scap dev; oval-developer-list OVAL Developer List/Closed Public Discussion; open-scap
Subject: [Fed-Talk] SCAP content and use on Mac OS X
To All,
I am conducting a survey on the development and use of SCAP content and tools for Mac OS X (any version). I have been on the sidelines of this field for 5 years and would like to find other, more involved individuals and companies to get
a better idea of how widespread the activity is. I have seen emails from many persons on several lists and would like to collect them for a future project. If you or your company fit any of the following, please respond, highlighting your involvement:
1. Anyone who has tinkered with SCAP content for Mac OS X (a little or a lot!). This includes creating OVAL and XCCDF content for use by commercial systems.
2. Any vendor who has supplied any level of OS X SCAP content or clients, including them as part of a test or released system. (I get emails from many of you already but would like to know specifics on how extensive your OSX client capabilities
are.)
3. Anyone who's company, institution, or branch of government has begun a project using SCAP to validate OS X system configurations. Q: Are you required to do this? If so, please include policy or regulation number.
4. Anyone who, like myself, is interested in this subject. (I'm not excluding anyone!)
Please reply to one of the lists or directly to me. I will not give your name to any vendor, although I will use this information to continue my effort to get engineering time from Apple.
Lawrence Livermore National Laboratory
The contents of this message are mine personally and do not reflect the views or position of the U.S. Department of Energy, Federal Government, National Nuclear Security Administration, Lawrence
Livermore National Security, or Lawrence Livermore National Laboratory.