This schema defines the eXtensible Configuration Checklist
Description Format (XCCDF), a data format for defining
security benchmarks and checklists, and for recording
the results of applying such benchmarks.
For more information, consult the specification
document, "Specification for the Extensible Configuration
Checklist Description Format", version 1.0.
This schema was developed by Neal Ziring, with
assistance from David Waltermire. The following
individuals contributed ideas to the construction
of this schema: David Proulx, Andrew Buttner, and
Ryan Wilson.
1.0
Import the XML namespace because this schema uses
the xml:lang and xml:base attributes.
Import the simple Dublin Core namespace because
this schema uses it for benchmark metadata and for
references.
Import the CIS platform schema, which we use for
describing target IT platforms in the Benchmark.
The CIS platform schema was designed by David
Waltermire.
The benchmark tag is the top level element representing a
complete security checklist, including descriptive text
and test items.
Legal notices must have unique id values.
Items must have unique id values.
Value item ids are special keys; this is needed for
the valueIdKeyRef keyref below.
Rule items have a unique key; we need
this for the ruleIdKeyRef keyref below.
(Rule key refs are used by rule-results.)
Group and Rule item ids are special keys; we
need this for the requiresIdKeyRef keyref below.
Profile objects have a unique id; it is used
for extension, too.
Platform-definitions have a unique id; it is used
from the platform element and the fix element.
Check-export elements must reference existing values.
Sub elements must reference existing Value ids.
The rule-result element idref must refer to an
existing Rule.
The requires element idref must refer to an existing
Group or Rule.
The profile element in a TestResult element must
refer to an existing Profile.
The platform element idref attribute must refer to
an existing cdfp:platform-definition.
The fix element attribute platform must refer to an
existing platform-definition.
Data type for legal notice element that has text
content and a unique id attribute.
Data type for a reference citation, an href
URL attribute (optional), with content of text
or simple Dublin Core elements.
XML-Signature over the Benchmark; note that this
will always be an 'enveloped' signature, so the
single element child of this element should be
dsig:Signature.
Metadata for the Benchmark; it should be Dublin Core
or some other well-specified and accepted metadata
format. If Dublin Core, then it will be a sequence
of simple Dublin Core elements.
The acceptance status of an Item with an optional date attribute
that signifies the date of the status change.
The possible status codes for a Benchmark or Item,
inherited from the parent element if not defined.
Type for a string with an xml:lang attribute.
Type for a string with XHTML elements and xml:lang attribute.
Type for a string with embedded Value substitutions
and XHTML elements, and an xml:lang attribute.
Type for a string with embedded Value substitutions
and XHTML elements, and an xml:lang attribute.
Data type for elements that have no content,
just a mandatory id reference.
The Item element type imposes constraints shared by all
Groups, Rules and Values. The itemType is abstract, so
the element Item can never appear in a valid XCCDF document.
This abstract item type represents the basic data shared by all
Groups, Rules and Values.
This abstract item type represents the basic data shared by all
Groups and Rules. It extends the itemType given above.
Data type for the Group element that represents a grouping of
Groups, Rules and Values.
Data type for the Rule element that represents a
specific benchmark test.
Type for a string with embedded Value and instance
substitutions and an optional platform id ref attribute, but
no embedded XHTML markup.
The platform attribute should refer to a platform-definition
element in the platform-definitions child of the Benchmark.
Data type for the check element: a checking system
specification URI and XML content.
Data type for the check-export element, which
specifies a mapping between an XCCDF internal Value
id and a value name to be used by the checking
system or processor.
Data type for the check-content-ref element, which
points to the code for a detached check in another file.
This element has no body, just two attributes:
href and name. The name is optional; if it does not appear,
then this reference is to the entire other document.
Data type for the check-content element, which holds
the actual code of an enveloped check in some other
(non-XCCDF) language. This element can hold almost
anything; XCCDF tools do not process its content directly.
Data type for a Rule's weight, a non-negative real number.
Data type for the Value element that represents
a tailorable string, numeric, or boolean value in
the Benchmark.
The choices element specifies a list of legal or
suggested choices for a Value object. It holds
one or more choice elements, a mustMatch attribute,
and a selector attribute.
This type is for an element that has string content
and a selector attribute. It is used for some of
the child elements of Value.
This type is for an element that has numeric content
and a selector attribute. It is used for two of
the child elements of Value.
Allowed data types for Values, just string, numeric,
and true/false.
Allowed operators for Values. Note that most of
these are valid only for numeric data, but the
schema doesn't enforce that.
Data type for the Profile element, which holds a
specific tailoring of the Benchmark.
Type for the select element in a Profile; all it has
are two attributes, no content. The two attributes
are 'idref' which refers to a Group or Rule, and
'selected' which is boolean.
Type for the set-value element in a Profile; it
has one attribute and string content. The
attribute is 'idref' which refers to a Value.
Type for the refine-value element in a Profile; all
it has are two attributes, no content. The two
attributes are 'idref' which refers to a Value
and 'selector' which designates certain element
children of the Value.
Data type for the TestResult element, which holds
the results of one application of the Benchmark.
This element holds all the information about the
application of one rule to a target. It may only
appear as part of a TestResult object.
Type for a message generated by the checking
engine or XCCDF tool during benchmark testing.
Content is string plus required severity attribute.
Allowed values for message severity.
Allowed result indicators for a test, just four
possibilities:
pass = the test passed, target complies with the benchmark
fail = the test failed, target does not comply
error = an error occurred and the test could not complete,
or the test does not apply to this platform
unknown = could not tell what happened
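The keyref constraints listed earlier (rule-result idref to Rule, Profile select to Group or Rule, set-value to Value) and the four result indicators above can be checked outside an XSD validator. The following is an added example, not part of the XCCDF schema or its authors' work: it performs those reference checks on a constructed XCCDF-style document and tallies rule-result outcomes. The namespace URI is a placeholder, and the element and attribute names follow the annotations on this page.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = "urn:example:xccdf-placeholder"  # placeholder, not the real XCCDF namespace


def q(tag):
    """Qualify a local element name with the (placeholder) XCCDF namespace."""
    return f"{{{NS}}}{tag}"


def check_references(xml_text):
    """Return dangling-reference errors for the keyrefs the schema imposes (empty list = OK)."""
    root = ET.fromstring(xml_text)
    rule_ids = {r.get("id") for r in root.iter(q("Rule"))}
    group_ids = {g.get("id") for g in root.iter(q("Group"))}
    value_ids = {v.get("id") for v in root.iter(q("Value"))}
    errors = []
    # rule-result idref must refer to an existing Rule
    for rr in root.iter(q("rule-result")):
        if rr.get("idref") not in rule_ids:
            errors.append(f"rule-result idref {rr.get('idref')!r}: no such Rule")
    # Profile select idref must refer to an existing Group or Rule
    for sel in root.iter(q("select")):
        if sel.get("idref") not in rule_ids | group_ids:
            errors.append(f"select idref {sel.get('idref')!r}: no such Group or Rule")
    # Profile set-value idref must refer to an existing Value
    for sv in root.iter(q("set-value")):
        if sv.get("idref") not in value_ids:
            errors.append(f"set-value idref {sv.get('idref')!r}: no such Value")
    return errors


def tally_results(xml_text):
    """Count rule-result outcomes (pass/fail/error/unknown) across a TestResult."""
    root = ET.fromstring(xml_text)
    return Counter(rr.findtext(q("result"), default="unknown").strip()
                   for rr in root.iter(q("rule-result")))


# Constructed sample: one dangling rule-result and one dangling set-value on purpose.
SAMPLE = f"""<Benchmark xmlns="{NS}" id="bench-1">
  <Group id="grp-1"><Rule id="rule-1" weight="1.0"/></Group>
  <Value id="val-1"><value>10</value></Value>
  <Profile id="prof-1">
    <select idref="rule-1" selected="true"/>
    <set-value idref="val-missing">20</set-value>
  </Profile>
  <TestResult id="tr-1">
    <rule-result idref="rule-1"><result>pass</result></rule-result>
    <rule-result idref="rule-ghost"><result>fail</result></rule-result>
  </TestResult>
</Benchmark>"""
```

Running `check_references(SAMPLE)` reports the two dangling idrefs, and `tally_results(SAMPLE)` returns one pass and one fail.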