Uses Machine Learning for Security Compliance
Author: Jan Rodák

Outline
● What is security compliance
● SCAP standard
● OpenSCAP ecosystem
● From Security Policy to scan
● Why a rule failed

Security Compliance
● Active steps an organization takes to protect its assets
● Meet internal security and/or legal requirements
● Checklist of rules

SCAP standard
● Security Content Automation Protocol (SCAP)
● SCAP Components
  ○ XCCDF - The Extensible Configuration Checklist Description Format
  ○ OVAL - Open Vulnerability and Assessment Language
  ○ ARF - Asset Reporting Format
  ○ etc.

XCCDF
● Language for writing checklists
  ○ Profile: selection of rules
  ○ Rules
● Structured collection of security configuration rules for some set of target systems

OVAL
● Main component of the SCAP standard
● Security vulnerabilities
● Desired configuration of systems
● Defines the state of some objects in a computer
  ○ Configuration files
  ○ File permissions
  ○ Processes

OVAL
(diagram: Definition)

OVAL
(diagram: Object, Test, State)

OpenSCAP ecosystem
● Implementation of the SCAP standard
● OpenSCAP Base (Library)
● OpenSCAP Scanner
● SCAP Security Guide (Content)
● Other tools

From Policy to Scan (Idea 1)
Policy: a policy is developed by some organization, for example the FBI. (https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center)
Profile: selection of rules from the content based on the given policy. (https://complianceascode.github.io/content-pages/guides/ssg-rhel8-guide-cjis.html)
Build: compiling all components of SCAP into one file named DataStream.
Scan: output is an ARF file.

Why a rule fails (Idea 2)
● SCAP content provides OVAL for many cases
● Remediation just for one case

Bibliography
[1] OVAL Content Creation Tutorial. Center for Internet Security, 2017 [cit. 2023-11-18]. Available at: https://ovalproject.github.io/getting-started/tutorial/.
[2] The Security compliance content in SCAP, Bash, Ansible, and other formats [online]. 2022 [cit. 2022-11-18]. Available at: https://github.com/ComplianceAsCode/content.
[3] Waltermire, D., Quinn, S., Booth, H., Scarfone, K. and Prisaca, D. The Technical Specification for the Security Content Automation Protocol (SCAP). NIST Special Publication 800-126, 3rd ed. National Institute of Standards and Technology, February 2018 [cit. 2022-11-18]. Available at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-126r3.pdf.

Thank You for Your Attention!
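Added example, not part of the slides: a Python script that reads the ARF file produced by the Scan step of "From Policy to Scan" and lists which rules failed together with the OVAL definition that judged each one, which is the starting point for the "Why a rule fails" question. The embedded ARF document, rule ids and OVAL definition ids are constructed for illustration, not taken from a real scan.

```python
# Added example: parse the ARF file produced by the Scan step and list which
# rules failed, with the OVAL definition behind each. Sample ARF is constructed.
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"arf": "http://scap.nist.gov/schema/asset-reporting-format/1.1",
      "xccdf": "http://checklists.nist.gov/xccdf/1.2"}

SAMPLE_ARF = """<arf:asset-report-collection
    xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1">
  <arf:reports><arf:report id="xccdf1"><arf:content>
    <TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.open-scap_testresult_cjis">
      <profile idref="xccdf_org.ssgproject.content_profile_cjis"/>
      <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" severity="medium">
        <result>fail</result>
        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
          <check-content-ref href="ssg-rhel8-oval.xml" name="oval:ssg-sshd_disable_root_login:def:1"/>
        </check>
      </rule-result>
      <rule-result idref="xccdf_org.ssgproject.content_rule_package_audit_installed" severity="medium">
        <result>pass</result>
      </rule-result>
      <rule-result idref="xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" severity="high">
        <result>fail</result>
      </rule-result>
      <rule-result idref="xccdf_org.ssgproject.content_rule_grub2_password" severity="high">
        <result>notapplicable</result>
      </rule-result>
    </TestResult>
  </arf:content></arf:report></arf:reports>
</arf:asset-report-collection>"""

def result_counts(arf_xml: str) -> Counter:
    """Tally rule results (pass, fail, notapplicable, ...) in an ARF document."""
    root = ET.fromstring(arf_xml)
    return Counter(r.text for r in root.iterfind(".//xccdf:TestResult/xccdf:rule-result/xccdf:result", NS))

def failed_rules(arf_xml: str) -> dict:
    """Map each failed rule id to its severity and the OVAL definition that judged it."""
    root = ET.fromstring(arf_xml)
    failed = {}
    for rr in root.iterfind(".//xccdf:TestResult/xccdf:rule-result", NS):
        if rr.findtext("xccdf:result", namespaces=NS) != "fail":
            continue
        # A rule-result without <check> carries no OVAL reference to trace back to.
        ref = rr.find("xccdf:check/xccdf:check-content-ref", NS)
        failed[rr.get("idref")] = {"severity": rr.get("severity", "unknown"),
                                   "oval_definition": ref.get("name") if ref is not None else None}
    return failed
```

On a real scan, pass the contents of the ARF file written by `oscap xccdf eval --results-arf` to these functions instead of SAMPLE_ARF.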