Cisco continues to provide leadership in the development of new security standards. For example, Cisco is one of the main contributors to the OASIS Common Security Advisory Framework (CSAF) and Cisco provides Common Vulnerability Reporting Framework (CVRF) content for all Cisco Security Advisories. Cisco has also developed Open Vulnerability and Assessment Language (OVAL) schemas and demonstrated the value of using OVAL to exchange and consume information about vulnerabilities, and cultivated interest in OVAL by the security community.

 

During the past several years, Cisco has been collaborating with Joval, a key contributor to the development of OVAL. As part of that collaboration, Joval recently created new OVAL definitions for vulnerabilities in Cisco IOS Software, Cisco IOS XE Software, and Cisco Adaptive Security Appliance (ASA) Software, and Joval contributed those definitions to the official OVAL repository. Joval will continue to take an active role in the ongoing development of OVAL definitions for Cisco products, which means it is no longer necessary for Cisco to publish OVAL definitions.

 

You can browse or search for specific OVAL definitions from the official OVAL repository or download all or a subset of definitions in bulk from the Download area of the repository.

 

Cisco would like to thank Joval and the OVAL community for their contributions to security automation standards.