Tenable SCAP Standards Declarations. June 4, 2015 (Revision 11)

Similar documents
SecurityCenter 5.0 SCAP Assessments. May 28, 2015 (Revision 2)

Nessus v6 SCAP Assessments. November 18, 2014 (Revision 1)

Chapter 5: Vulnerability Analysis

Tenable for ServiceNow. Last Updated: March 19, 2018

Tenable Nessus Customer Loyalty Program to Purchase PVS Subscription

Practical OpenSCAP Security Standard Compliance and Reporting. Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer

Software Assurance Ecosystem Knowledge Architecture. 1 Wednesday, December 31, 2008

AUTOMATED PROCESSES IN COMPUTER SECURITY

Tenable.io User Guide. Last Revised: November 03, 2017

Tenable for Palo Alto Networks

MAKING SECURITY MEASURABLE AND MANAGEABLE

SCAP Security Guide Questions / Answers. Ján Lieskovský Contributor WorkShop November 2015

How-to Guide: Tenable Nessus for BeyondTrust. Last Revised: November 13, 2018

Tenable Network Security Support Portal. November 9, 2010 (Revision 8)

National Information Assurance Partnership

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

Defining IT Security Requirements for Federal Systems and Networks

SCAP Security Guide Questions / Answers. Contributor WorkShop Volume #2

SecurityCenter 5.1 Upgrade Guide. November 12, 2015 (Revision 2)

Secure Configuration Manager SCAP Module User's Guide. January 2018

Log Correlation Engine 4.4 Statistics Daemon Guide. February 26, 2015 (Revision 1)

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Certification Report

Tenable Common Criteria Evaluated Configuration Guide. October 29, 2009 (Revision 4)

Practical OpenSCAP, Security Standard Compliance and Reporting Part 1: CLI (command-line)

SecurityCenter Upgrade Guide. July 21, 2015 (Revision 1)

Total Protection for Compliance: Unified IT Policy Auditing

UNICOS/mp Common Criteria Evaluation

Speed Up Incident Response with Actionable Forensic Analytics

ForeScout Extended Module for Advanced Compliance

Building an Assurance Foundation for 21 st Century Information Systems and Networks

Certification Report

COMMON CRITERIA CERTIFICATION REPORT

Certification Report

SecurityCenter 508 Compliance

Certification Report

NIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation

Current and Future Issues in Security

Providing Cybersecurity Inventory, Compliance Tracking, and C2 in a Heterogeneous Tool Environment

How to Transition from Nessus to SecurityCenter Reports

How to Add, Deactivate, or Edit a Contact

Certification Report

MIS Week 9 Host Hardening

Certification Report

ForeScout Extended Module for Tenable Vulnerability Management

Certification Report

Certification Report

COURSE BROCHURE CISA TRAINING

Vulnerability Management

Protecting Critical Infrastructure. SCADA Network Security Monitoring

PVS Subscription Registration Process

IASM Support for FISMA

Certification Report

Certification Report

Tenable for Google Cloud Platform

CISA Training.

Certification Report

Certification Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme

Real-Time Compliance Monitoring

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

Certification Report

How-to Guide: Tenable Core Web Application Scanner for Microsoft Azure. Last Updated: May 16, 2018

How-to Guide: Tenable.io for Lieberman. Last Revised: August 14, 2018

Tanium Comply User Guide. Version 1.7.3

Automating the Top 20 CIS Critical Security Controls

ForeScout Extended Module for Qualys VM

Introduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria

Introduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria

Certification Report

SecurityCenter 4.8.x Upgrade Guide. December 16, 2014 (Revision 1)

Certification Report

Foundstone 7.0 Patch 6 Release Notes

Real-Time Compliance Monitoring

Certification Report

FedRAMP JAB P-ATO Vulnerability Scan Requirements Guide. Version 1.0

Certification Report

Tenable.io for Thycotic

Certification Report

Interface reference. McAfee Policy Auditor Interface Reference Guide. Add Service Level Agreement page

Certification Report

June 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP

Certification Report

Managing Business Risk with Assurance Report Cards

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Applied SCAP: Automating Security Compliance and Remediation. Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011

Certification Report

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):

Turn-key Vulnerability Management

CYSE 411/AIT 681 Secure Software Engineering Topic #3. Risk Management

Certification Report

COMMON CRITERIA CERTIFICATION REPORT

SQL Server Solutions GETTING STARTED WITH. SQL Secure

Symantec Network Access Control Starter Edition

The State of Security

Version Symantec. Page 1 of 33

How-to Guide: Tenable for McAfee epolicy Orchestrator. Last Updated: April 03, 2018

A guide to managing hosts in a Red Hat Satellite 6 environment. Edition 1.0

Transcription:

Tenable SCAP Standards Declarations June 4, 2015 (Revision 11)

Table of Contents Center for Internet Security (CIS)... 3 Common Criteria (NIAP)... 3 Common Vulnerability Enumeration (CVE)... 3 Common Configuration Enumeration (CCE)... 4 Common Platform Enumeration (CPE)... 4 Common Vulnerability Scoring System (CVSS)... 4 Extensible Configuration Checklist Document Format (XCCDF)... 5 Open Vulnerability Assessment Language (OVAL)... 5 Asset Identification... 5 Asset Reporting Format (ARF)... 5 SCAP Implementation... 5 About Tenable Network Security... 6 2

Center for Internet Security (CIS) The Center for Internet Security (CIS) is a non-profit organization that provides consensus best practice standards for security configuration for a variety of platforms and applications. The CIS benchmarks are defined through a consensus of user organizations, security professionals, auditors and software vendors. Tenable Network Security is a member of the Center for Internet Security (CIS) and develops configuration assessment technologies for Nessus and SecurityCenter to implement audits that test for best practice settings based on the CIS benchmarks. These technologies are submitted to CIS for certification and CIS then validates Tenable s ability to test for correct and incorrect settings across a wide variety of applications and operating systems. Common Criteria (NIAP) The National Information Assurance Project (NIAP) is a U.S. Government initiative between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). NIAP sponsors a variety of projects and activities, including the Common Criteria Evaluation and Validation Scheme (CCEVS). The Common Criteria is a standard for evaluation of security measures in a given product. Many government agencies require that products deployed into their environments be evaluated under the Common Criteria process. Tenable is Common Criteria (CC) certified at Evaluation Assurance Level Two (EAL2) Augmented with ALC_FLR.2 for the SecurityCenter 4.4, Nessus 5.0.1, Passive Vulnerability Scanner (PVS) 3.6, Log Correlation Engine (LCE) 3.6, 3D Tool 2.0.1, and xtool 2.1 products. The Target Of Evaluation (TOE) includes all the components that comprise a full deployment of the SecurityCenter suite. Common Vulnerability Enumeration (CVE) Tenable Network Security uses Common Vulnerability Enumeration (CVE) nomenclature for many different processes accomplished by the SecurityCenter, including the following: All vulnerabilities identified by Tenable s research group for the Nessus vulnerability scanner or the Passive Vulnerability Scanner have relevant CVE entries, if available. Tenable has a public web interface that can be used to search plugins by associated CVE entries. Newly released CVE entries are added several times a week and updates to older CVE entries are frequently made. Any vulnerability displayed in the Detailed Vulnerability List mode in SecurityCenter lists all relevant CVE references, if available. This data is also displayed through reporting and exporting via CSV content. The text of any CVE value can be used as a search parameter within the SecurityCenter filters. For example, if the text CVE-2014 is entered in the vulnerability text filter field, SecurityCenter will display all matching vulnerabilities that had a CVE entry from the year 2014. Specific CVE entries can be used in a search for more detailed results. CVE entries are also displayed when vulnerability descriptions are browsed within SecurityCenter. Through the Log Correlation Engine, SecurityCenter employs CVE for vulnerability to IDS event correlation so that an IDS event from a third party product can be correlated with all discovered vulnerabilities that have the same CVE entry. 3

Common Configuration Enumeration (CCE) Tenable s support for CCE data starts directly with Extensible Configuration Checklist Document Format (XCCDF) content. To parse XCCDF content directly, Tenable employs SecurityCenter to read XML content and generate a Nessus audit policy based on XML content. As an XCCDF library is parsed within SecurityCenter, CCE IDs, their descriptions, and their associated reference material can be displayed. This information can be included in the actual audit policies generated for Nessus. Within SecurityCenter, CCE IDs can be viewed in Scan Results and then selecting CCE-ID scan filter. after an audit has been completed. CCE ID descriptions, the policy value from the audit file, and the remote value from a scanned host are also included under Scan Results. As Nessus completes its configuration audit, the text files produced are gathered by SecurityCenter. Once in SecurityCenter, users can search the obtained data by CCE through the Vulnerability Text field. Common Platform Enumeration (CPE) Tenable Network Security uses Common Platform Enumeration (CPE) to ensure that configuration audits are performed on the correct operating systems. While processing XCCDF content, relevant CPE checks for the audit policy are built into the resulting Nessus audit policy. This ensures that if the wrong policy is used on an operating system not intended by the audit, a detailed error report will be produced. Within SecurityCenter, an inadvertent scan of a system with the wrong policy can also be recognized and prevented. Although SecurityCenter has asset logic that can be used to ensure that Windows 7 audits are run on Windows 7 computers, it is very plausible to envision a customer simply auditing a network range that contains Windows 7, Windows 2008, and Windows Vista systems. In this case, for the incorrect CPE platforms, the audit will not be performed but the correct audits will still be automatically enabled. Common Vulnerability Scoring System (CVSS) Tenable s research group uses CVSS version 2 scores available from the National Vulnerability Database (NVD). The actual CVSS scoring strings and scores are used to map severity ratings of vulnerabilities audited by Nessus and the Passive Vulnerability Scanner. When a test for a new vulnerability is produced by Tenable, there will sometimes not be a corresponding NVD entry for it at the time of the original test. In those cases, Tenable performs its own scoring according to NIST guidelines. When NVD entries or CVSS scores are available, Tenable synchronizes with NVD. If there is a discrepancy between what Tenable has scored and what NVD has scored, Tenable provides feedback to NIST. Tenable Network Security uses the CVSS base score to select Nessus and PVS severity ratings for vulnerability plugins. Values from 1 through 3 receive a Low/Informational rating, 4 through 6 receive a Medium/Warning rating and 7 through 9 receive a High/Hole severity level. CVSS scores of 10 have a severity level of Critical and also have their risk factor marked as Critical. In some cases, Tenable is unable to synchronize scores with NVD. This may happen because a Nessus or PVS plugin checks for a vulnerability for which there is no CVE/NVD entry or because NIST has not scored the entry manually (NIST labels these as approximated scores). In these cases, Tenable will re-score the plugins using the CVSSv2 standard when resources are available to do so. 4

Extensible Configuration Checklist Document Format (XCCDF) SecurityCenter directly imports XCCDF content into the product. A SecurityCenter administrator can download the XCCDF content from a given source (such as NIST NVD http://web.nvd.nist.gov/view/ncp/repository, a third party product, or a Tenable product) and then upload the policy into SecurityCenter. Within SecurityCenter, a user can select a XCCDF Benchmark and Profile with which to run a compliance scan. Open Vulnerability Assessment Language (OVAL) While processing XCCDF content, the entire body of OVAL checks is analyzed to produce a corresponding Nessus/SecurityCenter audit policy file. Nessus and SecurityCenter support all of the various OVAL check types from simple registry checks to the more complex logic checks that require multiple if/then decision trees. If the tests described in the OVAL content change, the corresponding audit content will change as well. If the OVAL content contains an error, the corresponding audit policies will contain the same error. In each of these cases, SecurityCenter uses the OVAL definitions to produce the specific Nessus audit content. As NIST updates the OVAL content for various tests, SecurityCenter does not need to be updated as it natively interprets OVAL. Nessus performs the checks described by OVAL through several proprietary methods that leverage remote credentials of target Windows and Linux systems. No agents are required on the target platform to perform any of the required audits described by OVAL. However, SecurityCenter does install a dissolvable agent that runs the compliance scan on the target. Asset Identification Asset Identification is used to differentiate sets of information about assets. The Asset Identification portion of a SecurityCenter report is generated based on values retrieved from the system during a scan, and supports version 1.1. Asset Reporting Format (ARF) Tenable Network Security makes use of ARF (Asset Reporting Format), which is a format for expressing the transport format of information about assets and the relationships between assets and reports, within SecurityCenter. ARF 1.1 reports are generated by using the provided SCAP content and the XCCDF/OVAL results from the execution of the SCAP content. The OVAL results included match the OVAL result type selected for the scan. The OVAL results included in the ARF report can be one of the following types: full results with system characteristics, full results without system characteristics, or thin results. SCAP Implementation SecurityCenter and Nessus have the ability to import SCAP content. SCAP comprises multiple standards including OVAL, CVE, CVSS, XCCDF, CPE, OCIL, CCSS, Asset Identification, ARF, and CCE, as previously described in this document. SecurityCenter and Nessus support SCAP by integrating each aspect of OVAL, CVE, CVSS, XCCDF, CPE, Asset Identification, ARF, and CCE to help organizations accurately test their infrastructure and ensure that it is configured with the correct settings. OVAL, CCE, CPE and XCCDF define policies, configuration settings and testing methodology for these configuration settings. 5

Tenable customers use SecurityCenter, which is compatible with these standards, to run SCAP compliance scans against targets through the Nessus vulnerability scanner. SCAP content is uploaded to SecurityCenter via the UI. SecurityCenter then runs the scan based on the profile/benchmark selected to perform a configuration audit of target systems. Once the scan is finished, SecurityCenter generates reports in four formats (ARF, XCCDF, OVAL, and Nessus). SecurityCenter can be used to report and analyze many different types of configuration and vulnerability data for large and small enterprises. SecurityCenter also manages re-scanning of systems (also known as remediation scanning) to verify compliance. In addition, SecurityCenter can also manage the Passive Vulnerability Scanner and multiple Log Correlation Engine instances. Each of these products can be used to monitor network traffic and logs for evidence that an asset has undergone a change that may indicate a non-compliant state. These checks may also indicate that new hosts have been connected to the network and may require auditing. About Tenable Network Security Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Our family of products includes SecurityCenter Continuous View, which provides the most comprehensive and integrated view of network health, and Nessus, the global standard in detecting and assessing network data. Tenable is relied upon by many of the world s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense. For more information, visit tenable.com. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback