With the continued growth and adoption of the Security Content Automation Protocol (SCAP), the National Institutes of Standards and Technology (NIST) is publishing more content to support the new United States Government Configuration Baseline (USGCB). With the release of QualysGuard 6.17, users can now import NIST content and scan Windows 7, Windows 7 Firewall, and Internet Explorer 8 in the QualysGuard FDCC Module.
Importing NIST Content
Since NIST has not finalized the content for Windows 7 and Internet Explorer 8, the FDCC Module does not currently have the new content available for import. However, the current content from NIST can be uploaded as a custom policy in the FDCC Module. To access the NIST content, please visit http://web.nvd.nist.gov/view/ncp/repository. Once you have the files downloaded, you can upload the content by performing the following steps:
- From the Tools section, select Policies
- From the menu, select New, FDCC Policy…
- Choose the following files downloaded from the NIST website.
- XCCDF Content
- CPE OVAL Definitions
- CPE 2.0 Dictionary
- OVAL Compliance Definitions
- Click Validate to create the policy.
- Once validated, verify the Title, FDCC Profile, and Description. Click Save.
- Add Asset Group(s) to the new FDCC policy.
NOTE: Since the NIST content is still in draft, Schematron Validation is not currently supported for Windows 7 and Internet Explorer 8.
Figure 1: New FDCC Policy: Validate
Figure 2: New FDCC Policy : Save
Once the FDCC policy has been created, you are ready to scan targets by performing the following steps:
- From the Navigation section, select FDCC Scan
- From the menu, select New, Scan
- Enter the following information and click Launch:
- FDCC Policy
- Compliance Profile
- Scanner Appliance
- Asset Group(s)
Figure 3: Launch FDCC Scan