Ziring, N.
and Grance, T.
(2006),
Specification for the Extensible Configuration Checklist Description Format (XCCDF), Version 1.1, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.7275, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150599
(Accessed April 19, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Specification for the Extensible Configuration Checklist Description Format (XCCDF), Version 1.1
Published
Author(s)
Neal Ziring,
Abstract
This document specifies the data model and XML representation for the Extensible Configuration Checklist Description Format (XCCDF). An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF specification is designed to support information interchange, document generation, organizational and situational tailoring, automated compliance testing, and compliance scoring. The specification also defines a data model and format for storing results of benchmark compliance testing. The intent of XCCDF is to provide a uniform foundation for expression of security checklists, benchmarks, and other configuration guidance, and thereby foster more widespread application of good security practices.Citation
NIST Interagency/Internal Report (NISTIR) - 7275
Report Number
7275
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
automated tool, benchmark, compliance, computer security, hardening, lockdown, metadata security requirement, operating system, OVAL, rule checking, security checklist, Security configuration, security controls, security policy, XHTML, XML
Citation
Created October 31, 2006, Updated October 12, 2021