← Cybersecurity Alphabet Soup

OVAL

Open Vulnerability and Assessment Language

operationshard

OVAL is a standardized language for describing how to check a system's state, such as whether a specific patch is installed or a vulnerable configuration exists. Security scanners use OVAL definitions to test machines the same way regardless of vendor, making assessment results consistent and comparable. Originally created by MITRE, it is now maintained by the Center for Internet Security and is a core component of SCAP.

Sources

More in operations