A Maintenance Pack is required to deliver the enhancements and fixes for Control Compliance Suite version 11.0
The Product Update (PU) 2014-1 delivers the following new capabilities and enhancements to Control Compliance Suite 11.0:
· New – Discovery
o Network Discovery job
The Network Discovery job uses the network address and subnet mask of a network to discover the subnets within a network.
o Asset Discovery job
The Asset discovery job scans the network to discover all assets in the selected network.
· New - Security Content Automation Protocol (SCAP)
o CCS adopts the Security Content Automation Protocol (SCAP) suite of specifications, which is a validation program defined by National Institute of Standards and Technology (NIST).
§ Control Compliance Suite now also adheres to the SCAP 1.2 specification that comprises the following components:
· Extensible Configuration Checklist Description Format (XCCDF) 1.2
· Open Vulnerability and Assessment Language (OVALR) 5.10.1
· Common Configuration Enumeration (CCE.) 5
· Common Platform Enumeration (CPE.) 2.3
· Common Vulnerabilities and Exposures (CVER)
· Common Vulnerability Scoring System (CVSS) 2.0
· Asset Identification 1.1
· Asset Reporting Format (ARF) 1.1
§ Support for OVAL definition version 5.3 to version 5.10.1 is now added for SCAP 1.2.
§ The evaluation results of the SCAP 1.2 data streams can now be exported to any of the following formats:
· OVAL Thin
· OVAL Full (with system characteristics)
· OVAL Full (without system characteristics)
§ CCS supports valid TIER IV SCAP 1.2 content including the following content that is published by NIST in the National Checklist Program (NCP) repository:
· USGCB Internet Explorer 7 (2.0.x.0)
· USGCB Internet Explorer 8 (1.2.x.0)
· USGCB Windows 7 (1.2.x.0)
· USGCB Windows 7 Firewall (1.2.x.0)
· USGCB Windows Vista (2.0.x.0)
· USGCB Windows Vista Firewall (2.0.x.0)
· USGCB Windows XP Firewall (2.0.x.0)
· USGCB Windows XP (2.0.x.0)
· New –Services and APIs in the Integration Support Services
o The ISCAPExportService is now added to expose the APIs that export SCAP evaluation results into various export formats like Asset Reporting Format (ARF) or Cyberscope xml.
§ The following APIs have been added to the ISCAPExportService for the SCAP module:
o The ISCAPJobService is now added to expose the APIs that create SCAP evaluation jobs and OVAL evaluation jobs.
§ The following APIs have been added to the ISCAPJobService for the SCAP module:
· Enhanced - Agent Product Update
o The Agent Product Update (APU) can now be applied to the agents using LiveUpdate.