This schema defines the eXtensible Configuration Checklist Description Format (XCCDF), a data format for defining security benchmarks and checklists, and for recording the results of applying such benchmarks. For more information, consult the specification document, "Specification for the Extensible Configuration Checklist Description Format", version 1.0. This schema was developed by Neal Ziring, with assistance from David Waltermire. The following individuals contributed ideas to the construction of this schema: David Proulx, Andrew Buttner, and Ryan Wilson.

Version: 1.0

Imports:
- Import the XML namespace because this schema uses the xml:lang and xml:base attributes.
- Import the simple Dublin Core namespace because this schema uses it for benchmark metadata and for references.
- Import the CIS platform schema, which we use for describing target IT platforms in the Benchmark. The CIS platform schema was designed by David Waltermire.

The benchmark tag is the top level element representing a complete security checklist, including descriptive text and test items.

Key and key reference constraints on the Benchmark:
- Legal notices must have unique id values.
- Items must have unique id values.
- Value item ids are special keys; we need this for the valueIdKeyRef keyref below.
- Rule items have a unique key; we need this for the ruleIdKeyRef keyref below. (Rule key refs are used by rule-results.)
- Group and Rule item ids are special keys; we need this for the requiresIdKeyRef keyref below.
- Profile objects have a unique id; it is used for extension, too.
- Platform-definitions have a unique id; it is used from the platform element and the fix element.
- Check-export elements must reference existing Values.
- Sub elements must reference existing Value ids.
- The rule-result element idref must refer to an existing Rule.
- The requires element idref must refer to an existing Group or Rule.
- The profile element in a TestResult element must refer to an existing Profile.
- The platform element idref attribute must refer to an existing cdfp:platform-definition.
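The key and keyref constraints above are what an XML Schema validator enforces; the following added example (not part of the schema or specification) implements the same referential checks in Python over a constructed XCCDF document, so the rules can be seen failing on concrete input. The XCCDF 1.0 and CIS platform namespace URIs, and the check-export attribute names value-id and export-name, are assumptions of this example; the sample document deliberately contains two dangling references.

```python
"""Referential-integrity checks over an XCCDF 1.0 document (added example)."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample benchmark. The namespace URIs are assumed, and the
# document intentionally contains a check-export and a rule-result whose
# idref values do not resolve to anything.
SAMPLE = """<Benchmark id="sample-bench" xmlns="http://checklists.nist.gov/xccdf/1.0"
           xmlns:cdfp="http://www.cisecurity.org/xccdf/platform/0.2.3">
  <status date="2004-01-01">draft</status>
  <title>Constructed sample benchmark</title>
  <platform-definitions>
    <cdfp:platform-definition id="plat-generic"/>
  </platform-definitions>
  <platform idref="plat-generic"/>
  <Profile id="prof-default"><title>Default</title>
    <select idref="rule-ssh" selected="true"/></Profile>
  <Value id="val-timeout"><title>Idle timeout</title><value>300</value></Value>
  <Group id="grp-net"><title>Network services</title>
    <Rule id="rule-ssh"><title>SSH idle timeout set</title>
      <check system="urn:example:check-system">
        <check-export value-id="val-timeout" export-name="TIMEOUT"/>
        <check-content-ref href="checks.xml" name="ssh-timeout"/>
      </check>
      <fix platform="plat-generic">set idle timeout to <sub idref="val-timeout"/></fix>
    </Rule>
    <Rule id="rule-telnet"><title>Telnet disabled</title>
      <requires idref="rule-ssh"/>
      <check system="urn:example:check-system">
        <check-export value-id="val-missing" export-name="UNUSED"/>
      </check>
    </Rule>
  </Group>
  <TestResult id="tr-1">
    <profile idref="prof-default"/>
    <rule-result idref="rule-ssh"><result>pass</result></rule-result>
    <rule-result idref="rule-nonexistent"><result>fail</result></rule-result>
  </TestResult>
</Benchmark>"""

# (referring element, attribute, element kinds it may point at), mirroring the
# keyref constraints described by the schema documentation.
REFERENCES = [
    ("check-export", "value-id", {"Value"}),
    ("sub", "idref", {"Value"}),
    ("rule-result", "idref", {"Rule"}),
    ("requires", "idref", {"Group", "Rule"}),
    ("profile", "idref", {"Profile"}),          # <profile> child of TestResult
    ("platform", "idref", {"platform-definition"}),
    ("fix", "platform", {"platform-definition"}),
]


def local(tag):
    """Strip the namespace part of an ElementTree tag name."""
    return tag.rsplit("}", 1)[-1]


def check_references(xml_text):
    """Return a list of integrity problems; an empty list means the document is consistent."""
    root = ET.fromstring(xml_text)
    problems = []
    ids = defaultdict(set)   # element kind -> ids declared by that kind
    item_ids = set()         # Group, Rule and Value ids share one key space

    # First pass: collect ids and flag duplicates (the key constraints).
    for el in root.iter():
        kind, id_ = local(el.tag), el.get("id")
        if id_ is None:
            continue
        if id_ in ids[kind]:
            problems.append(f"duplicate {kind} id {id_!r}")
        ids[kind].add(id_)
        if kind in ("Group", "Rule", "Value"):
            if id_ in item_ids:
                problems.append(f"duplicate Item id {id_!r}")
            item_ids.add(id_)

    # Second pass: every reference must resolve (the keyref constraints).
    for el in root.iter():
        kind = local(el.tag)
        for ref_kind, attr, targets in REFERENCES:
            if kind != ref_kind or el.get(attr) is None:
                continue   # e.g. a fix element without a platform attribute
            ref = el.get(attr)
            if not any(ref in ids[t] for t in targets):
                problems.append(f"<{kind} {attr}={ref!r}> does not refer to an existing "
                                + "/".join(sorted(targets)))
    return problems


if __name__ == "__main__":
    for problem in check_references(SAMPLE):
        print(problem)
```

Running the block reports the dangling check-export and the rule-result that names no existing Rule; repairing those two references makes the checker return an empty list.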
- The fix element attribute platform must refer to an existing platform-definition.

Type definitions:
- Data type for the legal notice element, which has text content and a unique id attribute.
- Data type for a reference citation: an href URL attribute (optional), with content of text or simple Dublin Core elements.
- XML-Signature over the Benchmark; note that this will always be an 'enveloped' signature, so the single element child of this element should be dsig:Signature.
- Metadata for the Benchmark; this should be Dublin Core or some other well-specified and accepted metadata format. If Dublin Core, then it will be a sequence of simple Dublin Core elements.
- The acceptance status of an Item, with an optional date attribute that signifies the date of the status change.
- The possible status codes for a Benchmark or Item; an Item's status is inherited from the parent element if it is not defined.
- Type for a string with an xml:lang attribute.
- Type for a string with XHTML elements and an xml:lang attribute.
- Type for a string with embedded Value substitutions and XHTML elements, and an xml:lang attribute.
- Data type for elements that have no content, just a mandatory id reference.
- This element type imposes constraints shared by all Groups, Rules and Values. The itemType is abstract, so the element Item can never appear in a valid XCCDF document. This abstract item type represents the basic data shared by all Groups, Rules and Values.
- This abstract item type represents the basic data shared by all Groups and Rules. It extends the itemType given above.
- Data type for the Group element, which represents a grouping of Groups, Rules and Values.
- Data type for the Rule element, which represents a specific benchmark test.
- Type for a string with embedded Value and instance substitutions and an optional platform id ref attribute, but no embedded XHTML markup.
  The platform attribute should refer to a platform-definition element in the platform-definitions child of the Benchmark.
- Data type for the check element: a checking system specification URI, and XML content.
- Data type for the check-export element, which specifies a mapping between an XCCDF internal Value id and a value name to be used by the checking system or processor.
- Data type for the check-content-ref element, which points to the code for a detached check in another file. This element has no body, just a couple of attributes: href and name. The name is optional; if it does not appear then this reference is to the entire other document.
- Data type for the check-content element, which holds the actual code of an enveloped check in some other (non-XCCDF) language. This element can hold almost anything; XCCDF tools do not process its content directly.
- Data type for a Rule's weight, a non-negative real number.
- Data type for the Value element, which represents a tailorable string, numeric, or boolean value in the Benchmark.
- The choice element specifies a list of legal or suggested choices for a Value object. It holds one or more choice elements, a mustMatch attribute, and a selector attribute.
- This type is for an element that has string content and a selector attribute. It is used for some of the child elements of Value.
- This type is for an element that has numeric content and a selector attribute. It is used for two of the child elements of Value.
- Allowed data types for Values: just string, numeric, and true/false.
- Allowed operators for Values. Note that most of these are valid only for numeric data, but the schema doesn't enforce that.
- Data type for the Profile element, which holds a specific tailoring of the Benchmark.
- Type for the select element in a Profile; all it has are two attributes, no content. The two attributes are 'idref', which refers to a Group or Rule, and 'selected', which is boolean.
- Type for the set-value element in a Profile; it has one attribute and string content. The attribute is 'idref', which refers to a Value.
- Type for the refine-value element in a Profile; all it has are two attributes, no content. The two attributes are 'idref', which refers to a Value, and 'selector', which designates certain element children of the Value.
- Data type for the TestResult element, which holds the results of one application of the Benchmark.
- This element holds all the information about the application of one rule to a target. It may only appear as part of a TestResult object.
- Type for a message generated by the checking engine or XCCDF tool during benchmark testing. Content is a string plus a required severity attribute.
- Allowed values for message severity.
- Allowed result indicators for a test, just four possibilities:
  pass = the test passed, target complies with benchmark
  fail = the test failed, target does not comply
  error = an error occurred and the test could not complete, or the test does not apply to this platform
  unknown = could not tell what happened
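The Profile elements (select, set-value, refine-value) and the TestResult/rule-result elements described above are best understood by resolving them against a document. The following added example (not part of the schema or specification) applies one Profile to a constructed benchmark and then tallies the result indicators of a constructed TestResult. It assumes the XCCDF 1.0 namespace URI, that a Group or Rule defaults to selected when the selected attribute is absent, that a Rule is effectively selected only when it and every enclosing Group are selected, and that a set-value replaces a Value outright while a refine-value picks the value child whose selector attribute matches.

```python
"""Profile tailoring and TestResult tallying for XCCDF 1.0 (added example)."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: one Profile that turns a deselected Group on, turns one
# Rule inside it off, overrides one Value and refines another by selector.
SAMPLE = """<Benchmark id="tailor-bench" xmlns="http://checklists.nist.gov/xccdf/1.0">
  <status>draft</status><title>Constructed tailoring sample</title>
  <Profile id="strict"><title>Strict</title>
    <select idref="grp-net" selected="true"/>
    <select idref="rule-telnet" selected="false"/>
    <set-value idref="val-timeout">120</set-value>
    <refine-value idref="val-minlen" selector="long"/>
  </Profile>
  <Value id="val-timeout" type="number"><title>Idle timeout</title><value>600</value></Value>
  <Value id="val-minlen" type="number"><title>Minimum password length</title>
    <value>8</value><value selector="long">14</value></Value>
  <Group id="grp-net" selected="false"><title>Network</title>
    <Rule id="rule-telnet"><title>Telnet disabled</title></Rule>
    <Rule id="rule-ssh"><title>SSH idle timeout set</title></Rule>
  </Group>
  <Rule id="rule-pw"><title>Password length enforced</title></Rule>
  <TestResult id="tr-1"><profile idref="strict"/>
    <rule-result idref="rule-ssh"><result>pass</result></rule-result>
    <rule-result idref="rule-pw"><result>fail</result>
      <message severity="error">constructed message</message></rule-result>
    <rule-result idref="rule-telnet"><result>unknown</result></rule-result>
  </TestResult>
</Benchmark>"""

TRUE_VALUES = ("true", "1")   # both spellings of an XML Schema boolean


def local(tag):
    """Strip the namespace part of an ElementTree tag name."""
    return tag.rsplit("}", 1)[-1]


def apply_profile(xml_text, profile_id):
    """Return (effectively selected Rule ids in document order, effective Value strings)."""
    root = ET.fromstring(xml_text)
    profile = next(p for p in root.iter()
                   if local(p.tag) == "Profile" and p.get("id") == profile_id)
    overrides, set_values, refine = {}, {}, {}
    for child in profile:
        kind = local(child.tag)
        if kind == "select":
            overrides[child.get("idref")] = child.get("selected") in TRUE_VALUES
        elif kind == "set-value":
            set_values[child.get("idref")] = (child.text or "").strip()
        elif kind == "refine-value":
            refine[child.get("idref")] = child.get("selector")

    def is_selected(el):
        # Profile select wins; otherwise the element's own attribute, default true (assumption).
        return overrides.get(el.get("id"), el.get("selected", "true") in TRUE_VALUES)

    selected_rules = []

    def walk(el, ancestors_selected):
        for child in el:
            kind = local(child.tag)
            if kind == "Group":
                walk(child, ancestors_selected and is_selected(child))
            elif kind == "Rule" and ancestors_selected and is_selected(child):
                selected_rules.append(child.get("id"))

    walk(root, True)

    values = {}
    for v in root.iter():
        if local(v.tag) != "Value":
            continue
        vid = v.get("id")
        if vid in set_values:            # set-value replaces the Value (assumption)
            values[vid] = set_values[vid]
            continue
        wanted = refine.get(vid)         # None means the unselected default child
        matches = [c for c in v if local(c.tag) == "value" and c.get("selector") == wanted]
        values[vid] = (matches[0].text or "").strip() if matches else None
    return selected_rules, values


def summarize_results(xml_text, result_id):
    """Count the result indicator (pass/fail/error/unknown) of each rule-result in one TestResult."""
    root = ET.fromstring(xml_text)
    tr = next(t for t in root.iter()
              if local(t.tag) == "TestResult" and t.get("id") == result_id)
    counts = Counter()
    for rr in tr:
        if local(rr.tag) != "rule-result":
            continue
        result = next((c.text.strip() for c in rr if local(c.tag) == "result"), "unknown")
        counts[result] += 1
    return dict(counts)


if __name__ == "__main__":
    print(apply_profile(SAMPLE, "strict"))
    print(summarize_results(SAMPLE, "tr-1"))
```

With the sample, the Profile leaves rule-ssh and rule-pw selected (rule-telnet is switched off even though its Group was switched on), val-timeout becomes 120 from the set-value, and val-minlen resolves to 14 through the "long" selector.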