On 11/6/13, 9:50 AM, Steinke, Leland J Sr CTR DISA FSO (US) wrote:

The NIST SCAP Content Validation Tool threw errors on the system_info_architecture_x86* definitions (requirement ID 208).  This patch corrects the errors.


Regards,
--
Leland Steinke, Security+
DISA FSO Technical Support Contractor
tapestry technologies, Inc
717-267-5797 (DSN 570)
leland.j.steinke.ctr@mail.mil (gov't)
lsteinke@tapestrytech.com (com'l)

---
  .../input/checks/system_info_architecture_x86.xml  |    2 +-
  .../checks/system_info_architecture_x86_64.xml     |    2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/RHEL6/input/checks/system_info_architecture_x86.xml  
b/RHEL6/input/checks/system_info_architecture_x86.xml
index f05260a..393c4d6 100644
--- a/RHEL6/input/checks/system_info_architecture_x86.xml
+++ b/RHEL6/input/checks/system_info_architecture_x86.xml
@@ -1,5 +1,5 @@
  <def-group>
-  <definition class="miscellaneous" id="system_info_architecture_x86"
+  <definition class="compliance" id="system_info_architecture_x86"
    version="1">
      <!-- Note that this does not meet requirements for class=inventory as
           that only tests for patches per 5.10.1 Revision 1 -->
diff --git a/RHEL6/input/checks/system_info_architecture_x86_64.xml  
b/RHEL6/input/checks/system_info_architecture_x86_64.xml
index d4e681f..08481b5 100644
--- a/RHEL6/input/checks/system_info_architecture_x86_64.xml
+++ b/RHEL6/input/checks/system_info_architecture_x86_64.xml
@@ -1,5 +1,5 @@
  <def-group>
-  <definition class="miscellaneous" id="system_info_architecture_x86_64"
+  <definition class="compliance" id="system_info_architecture_x86_64"
    version="1">
      <!-- Note that this does not meet requirements for class=inventory as
           that only tests for patches per 5.10.1 Revision 1 -->

I'm not sure this is an error after reviewing the OVAL spec:
http://oval.mitre.org/language/version5.10/ovaldefinition/documentation/oval-common-schema.html#ClassEnumeration

- Compliance definitions are meant to describe "the state of a machine when in compliance with a specific policy."
- Miscellaneous definitions are used "to categorize a definition that doesn't fit into one of the other four classes," with the other four being compliance, inventory, patch, and vulnerability.

Since the system_info_architecture_x86* checks are called from other OVAL checks, such as audit_*, to test system architecture (versus testing for the compliance of being a specific architecture), the class definition of miscellaneous seems appropriate.

Or am I interpreting the spec incorrectly (....which is totally possible)?