Showing results for 
Search instead for 
Did you mean: 
Omar Santos
Cisco Employee
Cisco Employee

Cisco continues to provide leadership in the development of new security standards. For example, Cisco is one of the main contributors to the OASIS Common Security Advisory Framework (CSAF) and Cisco provides Common Vulnerability Reporting Framework (CVRF) content for all Cisco Security Advisories. Cisco has also developed Open Vulnerability and Assessment Language (OVAL) schemas and demonstrated the value of using OVAL to exchange and consume information about vulnerabilities, and cultivated interest in OVAL by the security community.


During the past several years, Cisco has been collaborating with Joval, a key contributor to the development of OVAL. As part of that collaboration, Joval recently created new OVAL definitions for vulnerabilities in Cisco IOS Software, Cisco IOS XE Software, and Cisco Adaptive Security Appliance (ASA) Software, and Joval contributed those definitions to the official OVAL repository. Joval will continue to take an active role in the ongoing development of OVAL definitions for Cisco products, which means it is no longer necessary for Cisco to publish OVAL definitions.


You can browse or search for specific OVAL definitions from the official OVAL repository or download all or a subset of definitions in bulk from the Download area of the repository.


Cisco would like to thank Joval and the OVAL community for their contributions to security automation standards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: