OVAL - OVAL Adoption Program

OVAL Adoption Program

MITRE has partnered with the U.S. National Institute of Standards and Technology (NIST) to replace the OVAL Compatibility program with two independent but complementary efforts, an "OVAL Adoption Program" managed by MITRE and the "Security Content Automation Protocol (SCAP) Validation Program" managed by NIST.

This new combined process will allow MITRE to focus more exclusively on directly advancing the OVAL standard as well as supporting organizations that have adopted or are adopting OVAL, rather than on confirming adherence to compatibility requirements.

New Program Roll-Out

During the coming months the OVAL Web site will be updated to reflect the new program. Products currently listed in the OVAL Compatibility section will be moved into a new OVAL Adoption section. Organizations with products registered as OVAL-Compatible may continue to use the OVAL-Compatible logo during the transition.

Timeline

Any product that is currently listed as OVAL-Compatible for a capability that will be tested in the new NIST SCAP Validation Program for OVAL will be grandfathered into the new SCAP Validation Program for one year beginning April 1, 2009. NIST is currently reviewing the list of OVAL-Compatible products to determine which products will be grandfathered into the new OVAL Validation program. Once this review is complete MITRE will reach out to all organizations participating in the OVAL Compatibility Program and let them know if their products are being grandfathered and how the changes in the validation program will impact them.

April 1, 2009 — Start date for grandfathering. All OVAL-Compatible products that align with tested capabilities in NIST’s SCAP Validation Program will be grandfathered into the NIST program.

The SCAP Validation Program begins offering validations for OVAL-specific capabilities.

OVAL Web site updated to reflect the new adoption and validation program. This will include:

Aligning the list of compatible products with the validated product list from NIST.
Aligning the declarations of intent to support OVAL with the new program.
Aligning the questionnaires with the new program.

These changes will impact the list of products participating in the OVAL Compatibility Program. MITRE will contact each organization to let them know how the changes will impact them.

April 1, 2010 — All grandfathered validations expire. Vendors will need to have their products revalidated through the SCAP Validation Program.

Detailed Description

For descriptions of how the two programs interrelate, including an overview of the new process from an adopting vendor’s perspective, please read The MITRE Adoption Programs and the NIST SCAP Validation Program (438k, PDF).

Feedback

Please send any comments or concerns to oval@mitre.org.

Page Last Updated: December 22, 2008

Section Contents
OVAL Adoption Program
OVAL Compatibility
About
Program
Requirements
Correctness Testing
Benefits
Compatible Products
Declarations to Be OVAL-Compatible
Organizations Participating
Product List
Capability List
Supporters
Other Items of Interest
OVAL-Related Work
Make a Declaration
Compatibility Archive
Compatibility FAQs
Compatibility Documents


	OVAL is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. The OVAL Web site is hosted by The MITRE Corporation. Copyright 2002-2009, The MITRE Corporation. All rights reserved. OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Contact oval@mitre.org for more information.	Privacy policy Terms of use