SCAP Audit Summary

by Cody Dumont
April 15, 2014

The Security Content Automation Protocol (SCAP) is a collection of community-developed security specifications. Drawing on the depth of knowledge in that community, SCAP has gained strength within the security automation field by ensuring that a broad range of use cases is reflected in its functionality. The SCAP web site http://scap.nist.gov provides security professionals with information about both existing SCAP specifications and emerging specifications relevant to NIST's security automation agenda.

SecurityCenter users are able to embrace the NIST security automation agenda through more efficient use of devices with SCAP audit file support, and advanced reporting using the dashboards and reports native to SecurityCenter. 

The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard requirements are:

  • SecurityCenter 4.8
  • Nessus 5.2.6
  • SCAP supported packages such as USGCB-rhel5desktop-1.2.5.0.zip and u_windows_7_v1r20_stig_benchmark.zip

This dashboard shows five components highlighting the SCAP audit results for both Windows and Unix/Linux systems. The top two tables list the failed audit checks for Windows and Unix/Linux. The next component is a compliance matrix, reporting the percentage of audit checks that have passed, failed, or need manual verification. The next table provides a summary of each network in your environment, along with the number of audit checks by status. The final component is a bar chart with the top 10 CCEs by host count.

The components included with this dashboard are: 

  • SCAP Audit Summary - Top 25 Linux Compliance Failed Checks: This component shows the top 25 Linux SCAP audit checks that have failed, sorted by the total number of checks found.
  • SCAP Audit Summary - Compliance Summary: This matrix component provides a high-level view of the compliance ratio, comparing the total checks for each operating system type to the number of checks that have passed, failed, or require manual verification.
  • SCAP Audit Summary - Network Summary: This component displays a network summary table using a 24-bit mask to identify network segments. The table displays the number of checks performed and the results of those checks.
  • SCAP Audit Summary - Top 25 Windows Compliance Failed Checks: This component shows the top 25 Windows SCAP audit checks that have failed, sorted by the total number of checks found.
  • SCAP Audit Summary - Top 10 CCE's: This bar chart provides a high-level view of the Common Configuration Enumeration (CCE) entries as they pertain to SCAP audit checks.