Security Content Automation Program Content Utilities

This page contains utilities available to help ease the process of working with the security content automation XML files. The files are in the Extensible Configuration Checklist Description Format (XCCDF) and the Open Vulnerability Assessment Language (OVAL) format. The content files are large and difficult to browse with a basic text editor, so the following tools are available to help edit and read the content.

The following utilities are standard XSL stylesheets. They can be used with any tool that can perform transformations using XSL.

Document Generator XSL Stylesheet - Example (Using stylesheet with Windows XP XCCDF)
This XSL stylesheet pulls together the different descriptions that have been provided in an XCCDF file and generates an HTML file that attempts to replicate the paper guidance that many are used to. In short, it transforms the XCCDF file into a text document that someone can read.
Thanks to Drew Buttner of Mitre for developing and contributing this utility.

CCE Mapping XSL Stylesheet - Example (Using stylesheet with Windows XP XCCDF)
This XSL Stylesheet generates a tab delimited list of references that serves as the CCE mapping for all the sources represented in the XCCDF file. The mapping should be sent to the CCE team at MITRE to help build up the CCE dictionary. **NOTE** This stylesheet has been hardcoded for the NSA, DISA, and NIST guides. Some tweaking will have to be done to produce a mapping for other guides.
Thanks to Drew Buttner of Mitre for developing and contributing this utility.