"Different" 800-53 group results

Support topics for the enterprise version of ThreatGuard's SCAP products.
owensjp
Contributor
Posts: 12
Joined: Tue Apr 08, 2008 7:42 am

"Different" 800-53 group results

Postby owensjp » Wed May 21, 2008 6:12 am

In parsing through exported XML Magnus results files, we've found a handful of the 800-53 groups that are reported out differently than the others, but only in the Vista desktop benchmark. Those groups are:

AC-2
AU-8
IA-1
SC-8
SI-6
SI-7

While all the other groups include score information, score_color, etc. as attributes. These groups include only two attributes: pass="0" and fail="0". We're not quite sure what to make of this. Can you shed any light on the question? Thanks in advance for your help.

robert.hollis
SME
Posts: 24
Joined: Wed Mar 07, 2007 12:32 pm

800-53 Group Results

Postby robert.hollis » Wed May 21, 2008 8:39 am

Hello 'JP', and thank you for your question.

0 pass, 0 fail means all rules of that group had 'unknown' results.

Unknown can happen for a couple different reasons. In one case, there may be no underlying OVAL definition in the SCAP data stream to support the check. The Secutor Prime UI will display these instances with a [?]. Another case is when there is an error during the assessment, indicated by a [!]. Secutor Magnus displays all unknown items with a "?".

The Vista content has a number of tests that cannot be performed over the wire. These are the Audit Policy Subcategories. When using Magnus in agentless mode, these items will be reported as an error ("?"), and no results will be available for that group.

Alternative, you can deploy agents to gather this information with Magnus.

-rob


Return to “Secutor Magnus Support”

Who is online

Users browsing this forum: No registered users and 1 guest