Interactive Schema Interpreter

Mission and Overview

NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).

Resource Status

NVD contains:

32678	CVE Vulnerabilities
161	Checklists
151	US-CERT Alerts
2257	US-CERT Vuln Notes
2097	OVAL Queries

Last updated: 09/15/08

CVE Publication rate:

11 vulnerabilities / day

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 6.66

About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

Interactive Schema

The interactive schema defines a conceptual framework for representing questions designed as an XCCDF checking system.

An XCCDF document contains a series of checks; each check represents a question that is responsible for determining information relating to the state of a target system. In an XCCDF document, the majority of checks are automated to allow SCAP scanners to consume the checks and resolve the answers with no human interaction. However, there are some checks where automation is not possible due to the need for human input. For example, a computer cannot answer a check designed to verify that a department’s security logs are up to date. A human responsible for the department’s security logs must answer this question.

The interactive schema provides the conceptual framework for representing non-automatable questions. The following list defines the features supported by the schema:

Ability to define questions (of type Boolean, Choice, Numeric, or String)
Ability to define possible answers to a question from which the user can choose
Ability to define actions to be taken resulting from a user’s answer
Ability to enumerate the result set

Interactive Schema Resources

XML Schema Files: [what is a schema?]: Interactive Schema (XSD 1.0)

Sample Files:: General-Mitre-Interactive-1.xml; scap-win2000-interactive.xml

Documentation:: Element Dictionary.pdf; Changes.txt

Interactive Schema Interpreter

The Interactive Schema Interpreter demonstrates how an interactive schema document can be evaluated.

Interactive Schema Interpreter Resources

Download:: Download Page; Project Page

Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST Computer Security Resource Center (CSRC)

NIST is an Agency of the U.S. Commerce Department

Full vulnerability listing