Showing results for 
Search instead for 
Did you mean: 

Cisco IOS OVAL Definitions - Frequently Asked Questions




What is OVAL?

Open Vulnerability and Assessment Language (OVAL) is an international community standard maintained by MITRE to promote open and publicly available security content, and to standardize the transfer of this information in security tools and services. OVAL's main purpose is to assist security administrators by accelerating the process of analyzing a system for the presence of a vulnerability or configuration best practices. MITRE's OVAL website contains a detailed definition at the following link:

Why is Cisco Adopting OVAL?

In September 2012 Cisco will start, where possible, releasing OVAL definitions (along with its Security Advisories and Applied Mitigation Bulletins) for Cisco IOS vulnerabilities that are released in bundles twice a year (September, March).

Cisco is committed to protect Cisco customers by sharing critical security-related information in different formats. OVAL speeds up information exchange and digestion of such security-related information. Using OVAL, security administrators and other users can accelerate the process of determining the existence of software vulnerabilities, configuration issues, programs, and/or patches in Cisco IOS Software.

What is an OVAL definition?

OVAL Definitions are XML files that contain information about how to check a system for the presence of vulnerabilities, configuration issues, patches, installed applications, or other characteristics of such system. For vulnerability checks, definitions are written to check for the presence or not of a vulnerability in a system. OVAL definitions must comply with the OVAL definition schemata and data model, and should be written in accordance with the Authoring Style Guide defined by MITRE. Visit MITRE's "OVAL Definition Lifecycle" website at the following link for a detailed description of the OVAL definition process:

What are OVAL Schemata?

The OVAL community has developed three types of schemata written in Extensible Markup Language (XML) to serve as the framework and vocabulary of the OVAL Language. These schemata correspond to the three steps of the assessment process: an OVAL System Characteristics schema for representing system information, an OVAL definition schema for expressing a specific machine state, and an OVAL Results schema for reporting the results of an assessment.

The OVAL schemata are created by MITRE and members of the OVAL Developer’s Forum and approved by the OVAL Board. Visit MITRE's OVAL Language Releases website to review or download the schemata:

Can OVAL Protect my Cisco IOS Device Against Security Vulnerabilities?

OVAL definitions can be used to determine which vulnerabilities or configuration issues exist on your Cisco IOS device, as a preventive measure. You may use this information to obtain appropriate software patches and fix information for remediation from confirmed vulnerabilities and to evaluate if a device is configured as recommended by industry-adopted best practices.

How can I use the OVAL content published by Cisco?

jOVAL can be mentioned here that can be used. Also you can mention, "other tools will be made available in the open source community. More on that later..."

Is Cisco Creating OVAL Definitions for Other Cisco Products?

Cisco is currently authoring OVAL definitions for Cisco IOS Software. However, Cisco is working with MITRE and the OVAL community to enhance and develop new schemata to better support IOS and other Cisco Products.

What is the Cisco Product Security Incident Response Team (PSIRT)?

Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks. More information about PSIRT and Cisco's Security Vulnerability Policy can be found at:

Where Can I Find Other Security Related Documents Cisco Publishes?

Customers can stay current with a variety of Cisco publications, including Cisco Security Advisories, Applied Mitigation Bulletins, Event Responses, and Threat Outbreak Alerts, by receiving a short message service (SMS) text message when new content is posted. All this information can be obtained from Cisco's Security Center at:

Content for Community-Ad