The SCAP import wizard is a wizard made available in the Tivoli Endpoint Manager console that allows for the importing of a limited set of SCAP XML feeds into custom sites. SCAP is an acronym that stands for "Security Content Automation Protocol." It consists of a suite of standards under the aegis of the U.S. National Institute of Standards and Technology that include OVAL, XCCDF, CVE, CPE and CCE, among others. More information can be found here.

A typical SCAP data feed will provide a set of checks, each of which looks at one to a few settings or files on an endpoint. If a set of settings on an endpoint do not satisfy the criteria of a given check, the endpoint will be considered out of compliance. Different feeds look at different dimensions of security and compliance. Some look primarily at specific security-related settings, some look at the patches that have been applied to an endpoint, some look at programs that have been installed and some contain signatures of known computer vulnerabilities. SCAP checklists are provided by the U.S. Federal Desktop Core Configuration program (FDCC), the United States Government Configuration Baseline program (USGCB), the U.S. Defense Information Systems Agency (DISA) and the Center for Internet Security (CIS), among others, and there are online repositories that collect individual SCAP checks, such as the National Vulnerability Database's OVAL site, or that provide pointers to checklists of various kinds, such as its SCAP site.

While all of the content on these sites is SCAP content, the set of standards that are included under the SCAP umbrella is large, and the standards themselves can be relatively complex. The SCAP import wizard is designed at the present time to handle only Federal Desktop Core Configuration, or FDCC, content. The FDCC checklists cover Microsoft Windows Vista, Vista Firewall, XP, XP Firewall and Internet Explorer 7. Periodic updates to the content are made available on this page:

The SCAP import wizard has been tested against the FDCC checklists, and the behavior of the wizard is well known for the XML included in a periodic FDCC release. Custom content imported from SCAP XML that is derived from these checklists and that does not make use of additional features of OVAL or XCCDF is also likely to work as expected.

In addition there are SCAP XML feeds that are known to trigger bugs in the SCAP import wizard at the present time. These feeds include:

  • The USGCB checklists
  • Some of the SCAP checklists made available by DISA
  • In-house custom SCAP content that has been derived from these or other sources

The Security Configuration Management team at Tivoli Endpoint Manager are actively looking at ways of building out support for additional SCAP checklists and feeds. Typically, a checklist will first be made available by way of an external site, and then support for importing the SCAP content into a custom site from the Tivoli Endpoint Manager console will be progressively added.