Vendor Provided Validation Details - Secutor Prime 2.0.4
The following text was provided by the vendor during testing to describe how the product implements the specific capabilities.
Statement of FDCC Compliance:
ThreatGuard asserts that their Secutor Prime v2.0.4 product does not alter the FDCC settings on Windows XP and Vista systems.
Statement of SCAP Implementation:
Secutor Prime is built around support for the Security Content Automation
Protocol (SCAP). SCAP is a collection of six open standards developed jointly
by the government and private sector. Security content written to the SCAP
standard can by used by any product that supports the standard. This allows
regulatory authorities and configuration managers a means to construct much
more definitive guidance than was possible in the past. The guidance is
written in the standard format and passed to security products for automated
processing and reporting; common input and common output. Secutor Prime
includes support for all six protocols. It uses the XCCDF and OVAL
assessment protocols to determine what items to check and how to check
them. It uses the CPE, CCE, CVSS, and CVE reference protocols to ensure all
rules are accurately and appropriately reflected in the system. The SCAP
standard references are visible in the interface, reports, and export files.
Statement of CVE Implementation:
Secutor Prime includes support for Common Vulnerabilities and Exposures
(CVE) names. CVE provides standardized references to known vulnerabilities.
This unique identifier provides a common way to refer to vulnerabilities. CVE
is the oldest of the six protocols and is directed at vulnerabilities rather than
compliance items. Patch content can optionally refer to CVE names, allowing
the end user to track attack vectors associated with missing patches. The
XCCDF and OVAL compliance checks currently do not reference CVE names.
Secutor Prime raises the CVE references from the SCAP patch content to
populate the user interface and reports. The CVE name is included on the
Details tab of Secutor Prime for each patch check listed in the tree. Secutor
Prime can also perform vulnerability assessments using the included Open
Vulnerability and Assessment Language (OVAL) content. The References tab
includes the CVE name and a link to the NVD site for each CVE name.
Statement of CCE Implementation:
Secutor Prime includes support for Common Configuration Enumeration (CCE)
references. CCE provides a standard notation and reference to configuration
settings. The SCAP data stream contains CCE tags in the XCCDF documents.
ThreatGuard raises the CCE references from the SCAP content to populate
user interfaces, reports, and exports. In addition, Secutor Prime includes a
search feature that allows the user to search the system and results for a
given CCE number. By including CCE references in the SCAP content and
consuming them into Secutor Prime, it is now possible to easily compare very
specific configuration settings across systems. Exports provided by the Secutor line of products include the ThreatGuard
Results (Tiger) format. This format was developed to insulate integrators
from the intricacies and evolutions of the SCAP languages. Each configuration
check includes the CCE reference, enabling the integrator to easily process
SCAP data properly. Tiger was designed to give any product a fast track to
SCAP compatibility and validation; CCE is a key ingredient.
Statement of CPE Implementation:
Secutor Prime includes automated support for the Common Platform
Enumeration (CPE) standard. CPE provides a standard notation and reference
to operating systems and applications. An operating system can be referred
to in many different ways such as "Windows XP" vs. "Microsoft Windows XP".
CPE introduces a standard notation, such as "cpe:/o:microsoft:windows_xp"
and "cpe:/a:microsoft:ie:7", enabling products to share SCAP results without
pre-coordinating operating system and application references.
The SCAP data stream provides OVAL-based checks that precisely determine
whether or not a benchmark applies to a network asset. Compatible tools can
use these tests to decide whether or not to assess a benchmark; they can
also use this check to filter the list of available benchmarks for a selected
network asset. Secutor Prime executes the CPE check to automatically select
benchmarks that are applicable to a target system. The user simply points
Secutor Prime at a directory of SCAP content files and the product performs
CPE checks to determine which benchmarks apply. The Secutor Prime report
and export files also include the applicable operating system or application
CPE reference.
Statement of CVSS Implementation:
Secutor Prime provides support for the Common Vulnerability Scoring System
(CVSS). CVSS represents a standardized approach to measuring the impacts
of IT vulnerabilities. Each CVE includes an associated CVSS vector for use in
calculating the relative severity of vulnerabilities. The SCAP data stream
currently uses a flat scoring methodology, giving all compliance checks the
same "weight" (level of importance). These weights are compatible with
CVSS scoring. NIST, through their National Vulnerability Database (NVD),
plans to include CVSS vectors and scores for each CCE compliance item. That
will enable Secutor Prime to provide a more informative view of the relative
impact of mis-configuration issues. Likewise, the Secutor libraries include a
CVSS calculator which can be used to calculate a score (from 0 to 10) given a
CVSS vector. The references tab in Secutor Prime also includes links to the
NVD to view the CVSS vectors, giving the user access to the online CVSS
calculator hosted at NIST. As CVSS grows to play a larger role in SCAP,
ThreatGuard products stand ready to support.
Statement of XCCDF Implementation:
Secutor Prime includes seamless support for the eXtensible Configuration
Checklist Description Format (XCCDF). XCCDF specifies system settings for
automated tools to assess. XCCDF specifies what to check. It is the primary
protocol required to process the SCAP data stream. ThreatGuard presented
the first live demonstration of processing XCCDF, OVAL, and the SCAP data
stream using Secutor Prime at the 2nd annual NIST Security Automation
Conference, held September 2006. The Secutor XCCDF interpreting engine
has been exercised by thousands of users in hundreds of Federal Agencies,
hundreds of commercial sites, and over fifty countries. Compliance checklist
content, like those developed by NIST for the Federal Desktop Core
Configuration (FDCC), is written in the standard XCCDF format. These files
are included with Secutor Prime and are used by the product to generate the
groups and lists of rules to be checked. Secutor Prime generates and displays
a hierarchical tree of these groups and rules when an XCCDF file is selected.
The product then uses information from the XCCDF file to perform the
assessment as specified in the accompanying Open Vulnerability and
Assessment Language (OVAL) file.
Statement of OVAL Implementation:
Secutor Prime includes fully integrated support for the Open Vulnerability and
Assessment Language (OVAL) standard. OVAL specifies a standardized
approach for assessing each system setting. While XCCDF describes what to
check, OVAL specifies how to perform the check. ThreatGuard develops and
distributes the world's most mature commercial OVAL interpreter. From 2004
to present day, ThreatGuard has been the first to fulfill OVAL definition
consumer compatibility requirements with each major evolution of the
language. The ThreatGuard OVAL interpreter was engineered from the
beginning to assess local computers and remote targets using agentless 'over
the wire' technology. This OVAL interpreter currently supports Microsoft
Windows, as well as Solaris, HP-UX, Linux, and Cisco IOS. Support for
additional operating systems and applications, such as mainframes and
databases, will be added as new OVAL content is developed. Secutor Prime
automatically processes the OVAL definition content as referenced in the
XCCDF file to perform assessment activities. Secutor Prime also includes an
OVAL Notes tab that allows the user to see the decisions made by the
interpreter as it processes the OVAL content. For vulnerability content,
Secutor Prime includes an option to display the OVALID in the tree as the title
for each vulnerability definition.