Meeting Minutes and OVAL test usage spreadsheet 09-26-2024 Monthly Meeting

[vanderpol]

@OVAL-Community/oval-board-members

OVAL Board - Future of OVAL monthly meetings
September 26, 2024
Attended participants 15

2. Participants
   Vanderpol, Jack R CIV USN NIWC ATLANTIC SC (USA)
   Harris, Daniel Keith CIV USN NIWC ATLANTIC SC (USA)
   Eduardo B. (Canonical) (Unverified)
   Tim Rosner (Unverified)
   Dragos Prisaca (Unverified)
   Richard Maciel (Unverified)
   Boris Iordanov (CIS) (Unverified)
   Stephen Banghart (Unverified)
   Evgenii Kolesnikov (Unverified)
   Adam Biggs (Unverified)
   David Solin (Unverified)
   Alleman, Brady G CTR DISA EIIC (USA) (External)
   Anurag-HCL (Unverified)
   Steven (UC) (Unverified)
   Richard Maciel (Unverified)

Notes:

1. Provided a OVAL Language Management Update

2. Voted on and received approval OVAL board member nominations from
   ▪Dragos Prisaca from NIST
   ▪Boris Iordanov from CIS (replacing Justin Burr)
   ▪Jamaal Spearman from DISA
   ▪Brady Alleman from DISA
   ▪Daniel Harris from NIWC
   ▪John Ulmer from NIWC

3. Provided a SCAP 3.0 update with schedule

4. Voted on and received approval for usage of Github Discussions as a replacement of email listserver

5. Voted on and received approval for removing unused repositories in OVAL-Community (OVAL-6-WG, Repo-Meta-WG, Authoring-API)

6. Received approval to proceed with OVAL 5.12 and OVAL 6.0, further discussions required on branch vs repository

7. Suspended existing approval process for the time being, given hard deadlines of 30 Nov 2024 to complete OVAL 5.12 and OVAL 6.0. Single implementation and majority vote will suffice until this round of development stabilizes.

8. Voted on and approved reverting OVAL versioning away from platform versioning, and back to flat/simple versioning for all files.

9. Discussed potential changes for 5.12
   a. Additional discussions/votes for each high level change coming soon via Github Discussions

10. OVAL 6.0 definition changes discussed, further discussions and voting required.
    a. Pros and cons were discussed

11. Discussed NIWC’s prototype tool to convert SCAP 1.3 to 3.0 format, and demonstrated an example definition from 5.11.2 and draft 6.0

12. Digital signatures were discussed, stating that it was strongly recommended to verify digital signatures of content going forward, especially those using new shellcommand, powershellcommand and SQL tests.

Action Items:

1. Email Jack Vander Pol your team/group/company’s version of the OVAL test usage spreadsheet, documenting any known usage (content/application support/planned usage) of OVAL tests that current are slated for deprecation/removal.

OVAL_Test_Usage_in_Public_Content_Sept_2024.xlsx