Please review attached pdf file regarding userright update to OVAL 5.11. Please note this document in itself is not complete. I want to include a zip file as well. The contents of this zip file are defined in the document. >From what I understand the new process is to utilize github. I have created an account there and per instruction on: https://github.com/OVALProject/Language/wiki ....... It appears I should: 2.Create a new issue to request a new feature or to report a bug in the OVAL Language Tracker Please confirm that is the full process and that I can attach this PDF and Zip file for full review Bryan Wilson SPAWAR Systems Center Atlantic 8432184316 ...

Hi Bryan, The Github site you referenced is owned by MITRE, who no longer moderate the development of the OVAL language. The language is now curated directly by the community. We have been working on a new process for proposing changes to the language, and it will likely involve a repository hosted on Github, but that process has not been finalized yet. Until it is ready, I don’t see any reason why your proposal shouldn’t be discussed entirely on this list. Best regards, —David A. Solin Co-Founder, Research & Technology solin@jovalcm.com > On Jan 20, 2016, at 1:41 PM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: > > Please review attached pdf file regarding userright update to OVAL 5.11. Please note this document in itself is not complete. I want to include a zip file as well. The contents of this zip file are defined in the document. > > From what I understand the new process is to utilize github. I have created an account there and per instruction on: https://github.com/OVALProject/Language/wiki ....... > > It appears I should: > 2.Create a new issue to request a new feature or to report a bug in the OVAL Language Tracker > > Please confirm that is the full process and that I can attach this PDF and Zip file for full review > > > Bryan Wilson > SPAWAR Systems Center Atlantic > 8432184316 > > > > ...<win-def_userright_updates_2016.pdf>_______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org ...

Please review attached PDF for this requested update. This email contains 2 attachments. 1) win-def_userright_updates_2016.pdf * Same document I sent yesterday. No updates or modifications made, dated 01-20-2016 2) win-def_userright_schema_content_and_results.change2zip * Save the file and change extension from "change2zip" to "zip" * The zip file contains the following: * Example Content * userright_test-oval_Prototype_ForForum.xml * userright_test-oval_Prototype_ForForum_SQLUpdate.xml * Schema Changes * userright_updates_windows-definitions-schema.xsd * userright_updates_windows-system-characteristics-schema.xsd * Example Results * Example 1 * Host1_SCC-4.1_16-01-12_2016-01-13_093006_All-Settings_userright_test-oval_Prototype_ForForum.htm * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Results_userright_test-oval_Prototype_ForForum.xml * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml * Example 2 * Host1_SCC-4.1_16-01-12_2016-01-13_095109_All-Settings_userright_test-oval_Prototype_ForForum.htm * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Results_userright_test-oval_Prototype_ForForum.xml * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml * Example 3a * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_All-Settings_userright_test-oval_Prototype_ForForum.htm * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Results_userright_test-oval_Prototype_ForForum.xml * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml * Example 3b * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_All-Settings_userright_test-oval_Prototype_ForForum_SQLUpdate.htm * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Results_userright_test-oval_Prototype_ForForum_SQLUpdate.xml * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Variables_userright_test-oval_Prototype_ForForum_SQLUpdate.xml Bryan Wilson Computer Engineer SPAWAR Systems Center Atlantic Bryan.L.Wilson@Navy.mil<mailto:Bryan.L.Wilson@Navy.mil> ________________________________ From: David Solin [solin@jovalcm.com] Sent: Wednesday, January 20, 2016 5:21 PM To: Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 Cc: OVAL_Developer@lists.cisecurity.org Subject: [Non-DoD Source] Re: [OVAL DEVELOPER] Userright Test Update Request Hi Bryan, The Github site you referenced is owned by MITRE, who no longer moderate the development of the OVAL language. The language is now curated directly by the community. We have been working on a new process for proposing changes to the language, and it will likely involve a repository hosted on Github, but that process has not been finalized yet. Until it is ready, I don’t see any reason why your proposal shouldn’t be discussed entirely on this list. Best regards, —David A. Solin Co-Founder, Research & Technology solin@jovalcm.com > On Jan 20, 2016, at 1:41 PM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: > > Please review attached pdf file regarding userright update to OVAL 5.11. Please note this document in itself is not complete. I want to include a zip file as well. The contents of this zip file are defined in the document. > > From what I understand the new process is to utilize github. I have created an account there and per instruction on: https://github.com/OVALProject/Language/wiki ....... > > It appears I should: > 2.Create a new issue to request a new feature or to report a bug in the OVAL Language Tracker > > Please confirm that is the full process and that I can attach this PDF and Zip file for full review > > > Bryan Wilson > SPAWAR Systems Center Atlantic > 8432184316 > > > > ...<win-def_userright_updates_2016.pdf>_______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org ...

Hi Bryan, Thanks for putting all this information together! Clearly there would be an impact on any existing content, since we’d go from any resulting item having multiple SIDs to having only a single SID (meaning logic would need to be migrated from a trustee_sid@entity_check to the corresponding userright_test@check). Having said that… I am not aware of any publicly-available content that’s making use of the win-def:userright_test. Does anyone have proprietary content that would be impacted by this change? Best regards, —David Solin David A. Solin Co-Founder, Research & Technology solin@jovalcm.com > On Jan 21, 2016, at 8:48 AM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: > > Please review attached PDF for this requested update. > > > > This email contains 2 attachments. > > > > 1) win-def_userright_updates_2016.pdf > > * Same document I sent yesterday. No updates or modifications made, dated 01-20-2016 > > > > 2) win-def_userright_schema_content_and_results.change2zip > > * Save the file and change extension from "change2zip" to "zip" > * The zip file contains the following: > * Example Content > * userright_test-oval_Prototype_ForForum.xml > * userright_test-oval_Prototype_ForForum_SQLUpdate.xml > * Schema Changes > * userright_updates_windows-definitions-schema.xsd > * userright_updates_windows-system-characteristics-schema.xsd > * Example Results > * Example 1 > * Host1_SCC-4.1_16-01-12_2016-01-13_093006_All-Settings_userright_test-oval_Prototype_ForForum.htm > * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Results_userright_test-oval_Prototype_ForForum.xml > * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml > * Example 2 > * Host1_SCC-4.1_16-01-12_2016-01-13_095109_All-Settings_userright_test-oval_Prototype_ForForum.htm > * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Results_userright_test-oval_Prototype_ForForum.xml > * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml > * Example 3a > * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_All-Settings_userright_test-oval_Prototype_ForForum.htm > * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Results_userright_test-oval_Prototype_ForForum.xml > * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml > * Example 3b > * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_All-Settings_userright_test-oval_Prototype_ForForum_SQLUpdate.htm > * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Results_userright_test-oval_Prototype_ForForum_SQLUpdate.xml > * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Variables_userright_test-oval_Prototype_ForForum_SQLUpdate.xml > > > > > Bryan Wilson > Computer Engineer > SPAWAR Systems Center Atlantic > Bryan.L.Wilson@Navy.mil<mailto:Bryan.L.Wilson@Navy.mil> > ________________________________ > From: David Solin [solin@jovalcm.com] > Sent: Wednesday, January 20, 2016 5:21 PM > To: Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 > Cc: OVAL_Developer@lists.cisecurity.org > Subject: [Non-DoD Source] Re: [OVAL DEVELOPER] Userright Test Update Request > > Hi Bryan, > > The Github site you referenced is owned by MITRE, who no longer moderate the development of the OVAL language. The language is now curated directly by the community. We have been working on a new process for proposing changes to the language, and it will likely involve a repository hosted on Github, but that process has not been finalized yet. > > Until it is ready, I don’t see any reason why your proposal shouldn’t be discussed entirely on this list. > > Best regards, > —David A. Solin > Co-Founder, Research & Technology > solin@jovalcm.com > > > >> On Jan 20, 2016, at 1:41 PM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: >> >> Please review attached pdf file regarding userright update to OVAL 5.11. Please note this document in itself is not complete. I want to include a zip file as well. The contents of this zip file are defined in the document. >> >> From what I understand the new process is to utilize github. I have created an account there and per instruction on: https://github.com/OVALProject/Language/wiki ....... >> >> It appears I should: >> 2.Create a new issue to request a new feature or to report a bug in the OVAL Language Tracker >> >> Please confirm that is the full process and that I can attach this PDF and Zip file for full review >> >> >> Bryan Wilson >> SPAWAR Systems Center Atlantic >> 8432184316 >> >> >> >> ...<win-def_userright_updates_2016.pdf>_______________________________________________ >> OVAL_Developer mailing list >> OVAL_Developer@lists.cisecurity.org >> http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org > > <win-def_userright_schema_content_and_results.change2zip><win-def_userright_updates_2016.pdf> ...

As we develop a large amount of SCAP content, I'll need to check.... Kent Landfield Intel Kent.B.Landfield@intel.com +1.817.637.8026 > On Jan 25, 2016, at 8:05 AM, David Solin <solin@jovalcm.com> wrote: > > Hi Bryan, > > Thanks for putting all this information together! > > Clearly there would be an impact on any existing content, since we’d go from any resulting item having multiple SIDs to having only a single SID (meaning logic would need to be migrated from a trustee_sid@entity_check to the corresponding userright_test@check). > > Having said that… I am not aware of any publicly-available content that’s making use of the win-def:userright_test. > > Does anyone have proprietary content that would be impacted by this change? > > Best regards, > —David Solin > > > David A. Solin > Co-Founder, Research & Technology > solin@jovalcm.com > > > > > >> On Jan 21, 2016, at 8:48 AM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: >> >> Please review attached PDF for this requested update. >> >> >> >> This email contains 2 attachments. >> >> >> >> 1) win-def_userright_updates_2016.pdf >> >> * Same document I sent yesterday. No updates or modifications made, dated 01-20-2016 >> >> >> >> 2) win-def_userright_schema_content_and_results.change2zip >> >> * Save the file and change extension from "change2zip" to "zip" >> * The zip file contains the following: >> * Example Content >> * userright_test-oval_Prototype_ForForum.xml >> * userright_test-oval_Prototype_ForForum_SQLUpdate.xml >> * Schema Changes >> * userright_updates_windows-definitions-schema.xsd >> * userright_updates_windows-system-characteristics-schema.xsd >> * Example Results >> * Example 1 >> * Host1_SCC-4.1_16-01-12_2016-01-13_093006_All-Settings_userright_test-oval_Prototype_ForForum.htm >> * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Results_userright_test-oval_Prototype_ForForum.xml >> * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml >> * Example 2 >> * Host1_SCC-4.1_16-01-12_2016-01-13_095109_All-Settings_userright_test-oval_Prototype_ForForum.htm >> * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Results_userright_test-oval_Prototype_ForForum.xml >> * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml >> * Example 3a >> * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_All-Settings_userright_test-oval_Prototype_ForForum.htm >> * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Results_userright_test-oval_Prototype_ForForum.xml >> * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml >> * Example 3b >> * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_All-Settings_userright_test-oval_Prototype_ForForum_SQLUpdate.htm >> * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Results_userright_test-oval_Prototype_ForForum_SQLUpdate.xml >> * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Variables_userright_test-oval_Prototype_ForForum_SQLUpdate.xml >> >> >> >> >> Bryan Wilson >> Computer Engineer >> SPAWAR Systems Center Atlantic >> Bryan.L.Wilson@Navy.mil<mailto:Bryan.L.Wilson@Navy.mil> >> ________________________________ >> From: David Solin [solin@jovalcm.com] >> Sent: Wednesday, January 20, 2016 5:21 PM >> To: Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 >> Cc: OVAL_Developer@lists.cisecurity.org >> Subject: [Non-DoD Source] Re: [OVAL DEVELOPER] Userright Test Update Request >> >> Hi Bryan, >> >> The Github site you referenced is owned by MITRE, who no longer moderate the development of the OVAL language. The language is now curated directly by the community. We have been working on a new process for proposing changes to the language, and it will likely involve a repository hosted on Github, but that process has not been finalized yet. >> >> Until it is ready, I don’t see any reason why your proposal shouldn’t be discussed entirely on this list. >> >> Best regards, >> —David A. Solin >> Co-Founder, Research & Technology >> solin@jovalcm.com >> >> >> >>> On Jan 20, 2016, at 1:41 PM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: >>> >>> Please review attached pdf file regarding userright update to OVAL 5.11. Please note this document in itself is not complete. I want to include a zip file as well. The contents of this zip file are defined in the document. >>> >>> From what I understand the new process is to utilize github. I have created an account there and per instruction on: https://github.com/OVALProject/Language/wiki ....... >>> >>> It appears I should: >>> 2.Create a new issue to request a new feature or to report a bug in the OVAL Language Tracker >>> >>> Please confirm that is the full process and that I can attach this PDF and Zip file for full review >>> >>> >>> Bryan Wilson >>> SPAWAR Systems Center Atlantic >>> 8432184316 >>> >>> >>> >>> ...<win-def_userright_updates_2016.pdf>_______________________________________________ >>> OVAL_Developer mailing list >>> OVAL_Developer@lists.cisecurity.org >>> http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org >> >> <win-def_userright_schema_content_and_results.change2zip><win-def_userright_updates_2016.pdf> > > ... > > _______________________________________________ > OVAL_Developer mailing list > OVAL_Developer@lists.cisecurity.org > http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org ...

I agree with David's assessment of the needed changes. CIS has a small number of instances in which we use the existing <userright_test> construct. We'd have to migrate those changes as David suggests, but again, it's a pretty small number and can be accomplished in our release cycle. I like the idea of having the trustee_name included in the constructs; I agree it makes reporting and remediation more readable and usable. Thanks Bryan for putting the proposal together! Cheers, -Bill M. -Bill Munyan Technical Product Executive :: CIS-CAT Security Controls & Automation Center for Internet Security -----Original Message----- From: OVAL_Developer [mailto:oval_developer-bounces@lists.cisecurity.org] On Behalf Of David Solin Sent: Monday, January 25, 2016 9:05 AM To: OVAL_Developer@lists.cisecurity.org Subject: Re: [OVAL DEVELOPER] Userright Test Update Request - Full Proposal Dated 01-20-2016 Hi Bryan, Thanks for putting all this information together! Clearly there would be an impact on any existing content, since we'd go from any resulting item having multiple SIDs to having only a single SID (meaning logic would need to be migrated from a trustee_sid@entity_check to the corresponding userright_test@check). Having said that... I am not aware of any publicly-available content that's making use of the win-def:userright_test. Does anyone have proprietary content that would be impacted by this change? Best regards, -David Solin David A. Solin Co-Founder, Research & Technology solin@jovalcm.com > On Jan 21, 2016, at 8:48 AM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: > > Please review attached PDF for this requested update. > > > > This email contains 2 attachments. > > > > 1) win-def_userright_updates_2016.pdf > > * Same document I sent yesterday. No updates or modifications made, dated 01-20-2016 > > > > 2) win-def_userright_schema_content_and_results.change2zip > > * Save the file and change extension from "change2zip" to "zip" > * The zip file contains the following: > * Example Content > * userright_test-oval_Prototype_ForForum.xml > * userright_test-oval_Prototype_ForForum_SQLUpdate.xml > * Schema Changes > * userright_updates_windows-definitions-schema.xsd > * userright_updates_windows-system-characteristics-schema.xsd > * Example Results > * Example 1 > * Host1_SCC-4.1_16-01-12_2016-01-13_093006_All-Settings_userright_test-oval_Prototype_ForForum.htm > * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Results_userright_test-oval_Prototype_ForForum.xml > * Host1_SCC-4.1_16-01-12_2016-01-13_093006_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml > * Example 2 > * Host1_SCC-4.1_16-01-12_2016-01-13_095109_All-Settings_userright_test-oval_Prototype_ForForum.htm > * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Results_userright_test-oval_Prototype_ForForum.xml > * Host1_SCC-4.1_16-01-12_2016-01-13_095109_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml > * Example 3a > * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_All-Settings_userright_test-oval_Prototype_ForForum.htm > * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Results_userright_test-oval_Prototype_ForForum.xml > * IISSQLServer_SCC-4.1_DEV21_2016-01-13_150031_OVAL-Variables_userright_test-oval_Prototype_ForForum.xml > * Example 3b > * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_All-Settings_userright_test-oval_Prototype_ForForum_SQLUpdate.htm > * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Results_userright_test-oval_Prototype_ForForum_SQLUpdate.xml > * IISSQLServer_SCC-4.1_16-01-12_2016-01-13_103709_OVAL-Variables_userright_test-oval_Prototype_ForForum_SQLUpdate.xml > > > > > Bryan Wilson > Computer Engineer > SPAWAR Systems Center Atlantic > Bryan.L.Wilson@Navy.mil<mailto:Bryan.L.Wilson@Navy.mil> > ________________________________ > From: David Solin [solin@jovalcm.com] > Sent: Wednesday, January 20, 2016 5:21 PM > To: Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 > Cc: OVAL_Developer@lists.cisecurity.org > Subject: [Non-DoD Source] Re: [OVAL DEVELOPER] Userright Test Update Request > > Hi Bryan, > > The Github site you referenced is owned by MITRE, who no longer moderate the development of the OVAL language. The language is now curated directly by the community. We have been working on a new process for proposing changes to the language, and it will likely involve a repository hosted on Github, but that process has not been finalized yet. > > Until it is ready, I don't see any reason why your proposal shouldn't be discussed entirely on this list. > > Best regards, > -David A. Solin > Co-Founder, Research & Technology > solin@jovalcm.com > > > >> On Jan 20, 2016, at 1:41 PM, Wilson, Bryan L CIV SPAWARSYSCEN-ATLANTIC, 58600 <bryan.l.wilson@navy.mil> wrote: >> >> Please review attached pdf file regarding userright update to OVAL 5.11. Please note this document in itself is not complete. I want to include a zip file as well. The contents of this zip file are defined in the document. >> >> From what I understand the new process is to utilize github. I have created an account there and per instruction on: https://github.com/OVALProject/Language/wiki ....... >> >> It appears I should: >> 2.Create a new issue to request a new feature or to report a bug in the OVAL Language Tracker >> >> Please confirm that is the full process and that I can attach this PDF and Zip file for full review >> >> >> Bryan Wilson >> SPAWAR Systems Center Atlantic >> 8432184316 >> >> >> >> ...<win-def_userright_updates_2016.pdf>_______________________________________________ >> OVAL_Developer mailing list >> OVAL_Developer@lists.cisecurity.org >> http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org > > <win-def_userright_schema_content_and_results.change2zip><win-def_userright_updates_2016.pdf> ... _______________________________________________ OVAL_Developer mailing list OVAL_Developer@lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org . . . ... This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. . . . ...