About compliance score calculation for SCAP assets
HOWTO76554
Last Updated May 08, 2012
CCS uses the XCCDF's Default scoring model to calculate the weighted compliance scores for the profiles that are evaluated against the assets. The Default scoring model that is supported in XCCDF 1.0 lets you calculate the weighted compliance scores for every benchmark profile. The Default scoring model is indicated implicitly for all the SCAP benchmarks. Weights are assigned to every rule of a profile that are used for calculating the weighted compliance score. If a specific rule is not selected, then the weight of that rule is not considered for the compliance score calculation of the profile. Ensure that you provide weights appropriately to the rules for correct computation of the weighted compliance score using the Default scoring model.
CCS defines the following attributes to calculate the compliance scores of the rules:
This attribute is set to either 1 or 0 based on the evaluation result values. The value 1 is set for the result value, Pass, Fail, Error, and Unknown. The value 0 is set for the result values, NotApplicable, NotChecked, NotSelected, Informational, and Fixed.
The evaluation result values of the SCAP benchmark rules and their contribution to the compliance score calculation are as follows:
This means that the asset has satisfied all the conditions of the rule. A pass result contributes to the weighted score and maximum possible compliance score.
This means that the asset did not satisfy all the conditions of the rule. A fail result contributes to the maximum possible compliance score.
This means that the CCS has encountered a system error and is not able to complete the evaluation. Hence, the status of the asset's compliance with the rule is uncertain. For example, if CCS runs with insufficient privileges on the asset, then an error can occur.
This means that CCS has encountered some problem and the result is unknown. For example, if CCS was unable to interpret the output of the evaluation.
This means that the rule is not applicable for the asset that is evaluated. For example, if a rule is specific to an operating system version to which the asset does not belong, then the evaluation result is not applicable. Such kind of evaluation result values do not contribute to the compliance score.
This means that the rule is not evaluated by CCS. Such a result value is designed for the rules that have a role as, unchecked and for the rules that have no properties. Such type of evaluation result values do not contribute to the benchmark compliance score.
This means that the rule is not selected in the benchmark. Such type of evaluation result values do not contribute to the benchmark compliance score.
This means that the rule's result value is simple information that an auditor or administrator uses. Such result is the default value for rules that have a role as, unscored. This result value is designed for rules that can extract information from the asset. This kind of evaluation result values do not contribute to the benchmark compliance score.
This means that the rule has failed, but is fixed. Such kind of evaluation result values must contribute to the compliance score similar to the result value, pass.
This attribute is set to 100 or 0 based on the evaluation result values. For all the result values whose count is 1, the score is set. No score is set for the result values whose count is 0.
This attribute value is the sum total of weights of the rules.
CCS calculates the compliance score for the rules based on the weights that you assign to the rules. CCS also lets you compute the scores for the group to which the rule belongs.
The formula that CCS uses to calculate the compliance score for a rule and group against which an asset is evaluated is as follows
The formula that CCS uses to calculate the weighted compliance score of a profile is as follows:
Weighted compliance score of a profile for a single asset
Weighted compliance score of a profile = (compliance score of the rules) / (sum of weights of the rules)
Weighted compliance score of a profile for multiple assets
Weighted compliance score of the profile = (sum total of the compliance scores of the profiles evaluated against every asset) / (total number of assets)
Weighted compliance score of a profile using weights of the group in which the rule exists
Weighted compliance score of the profile = (Sum of the scores of the rules or groups under the profile) / (sum of the weights of the rule or groups under the profile)
Note: |
If no weight attribute is set for a rule or group, then the weight is considered as 1. No weight is assigned to a profile. |
For example, you calculate the compliance scores (CS) of every asset, A1, A1, A3 against which you evaluate the profile P1. The weighted compliance score that you derive for the assets is as follows:
Imported Document ID: HOWTO76554
Legacy ID:
v66116390_v74603629
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.
Start Over
This will clear the history and restart the chat.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)