Security audit rules

Kaspersky Industrial CyberSecurity for Networks supports security audit rules written in the following languages:

• OVAL (Open Vulnerability and Assessment Language) is an open language for describing vulnerabilities and assessing configurations of information systems. The language standardizes the ways of presenting information, the process of analyzing the system, and the format of the result.

  Rules that use only this language are OVAL definitions which formalize the requirements for information systems, providing the capability to automatically process these requirements.

• XCCDF (Extensible Configuration Checklist Description Format) is an XML-based language for describing checklists of security settings. XCCDF documents usually contain sets of information system requirements.

  Rules that use this language are the lists of high-level requirements in the form of documents with profiles and data groups. For automated processing, such rules must contain associated OVAL definitions.

Security audit rules are grouped into sets. You can use the following types of rule sets:

• System rule sets. These rule sets are supplied and updated together with the database and application module updates. Therefore, before configuring security audit using the system rule sets, install the updates.
• User-defined rule sets. These rule sets are loaded into the application by the user through the import of files.

When a rule set is loaded, the application verifies the rules in the rule set. If errors are detected in the verified rules, the application blocks these rules from being applied. If errors are detected in all rules of the set or the set does not contain any rules, the application blocks the entire set from being applied.

When creating or editing security audit jobs, you can select the rules according to which scans are performed.