.ckl exports won't open in STIG Viewer 2.7.1

[JeffOdegard]

.ckl files exported from Sagacity will not open properly in STIG Viewer 2.7.1, but they will open in the older 2.4.1. I went through and compared a Sagacity exported .ckl and one created by STIG Viewer 2.7.1, and the problem is with the finding status (\<STATUS>) - it was set to No_Data. Apparently 2.4.1 can handle it (and convert it to Not_Reviewed), but 2.7.1 cannot.

Change the status tags in the output as follows: No_Data --> Not_Reviewed False_Positive --> NotAFinding Exception --> Open No_Data --> Not_Reviewed

The only other allowed status is Not_Applicable.

Also, we should add a comment line at the second line of the xml file: \<!--Cyber Perspectives Sagacity :: 1.3.3-->

[godsgood33]

What do you want the comment line to say?

<!-- Generated using Sagacity {version} -->

[JeffOdegard]

I'll edit the writeup to make it appear. It looks like a tag to github...

On Wed, Oct 3, 2018 at 3:24 PM Ryan P notifications@github.com wrote:

What do you want the comment line to say?

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/cyberperspectives/sagacity/issues/49#issuecomment-426806609, or mute the thread https://github.com/notifications/unsubscribe-auth/Aoyyh3a09Niq-RKB3ABO5dSo1_S5gamLks5uhSsPgaJpZM4XGwHv .

--

• Jeff

---

Jeff Odegard jeff.odegard@gmail.com

[image: LinkedIn] https://www.linkedin.com/in/jeffodegard/ [image: Fakebook] https://www.facebook.com/jeff.odegard.98 [image: YouTube] https://www.youtube.com/user/OdegardOnline

[JeffOdegard]

Now the ckl files won't open in any of the STIG Viewer versions and all of the status' are Not_Reviewed.

grep "" *.ckl | cut -d: -f2 | sort -u

Not_Reviewed

STIG Viewer 2.8 is now available without a CAC: http://iasecontent.disa.mil/stigs/zip/U_STIGViewer_2-8.zip

[godsgood33]

This is in the STIG Viewer 2.8 change log...

-STIG Viewer validates checklists on import, depending upon a preference setting.

I found it...Options -> Preferences -> Checklist tab -> uncheck "Validate checklist" So this is a temporary fix. I will have to investigate further to find out why the XML violates the schema.

[JeffOdegard]

That solves opening it in STIG Viewer, but not the proprietary tools that the ASCA uses to parse the data. This is still a hot issue.

On Sat, Oct 27, 2018 at 9:13 AM Ryan P notifications@github.com wrote:

This is in the STIG Viewer 2.8 change log...

-STIG Viewer validates checklists on import, depending upon a preference setting.

I found it...Options -> Preferences -> Checklist tab -> uncheck "Validate checklist" So this is a temporary fix. I will have to investigate further to find out why the XML violates the schema.

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/cyberperspectives/sagacity/issues/49#issuecomment-433629019, or mute the thread https://github.com/notifications/unsubscribe-auth/Aoyyh46d0DlhRMQfpd1XUMAhJOfBb8vuks5upHgKgaJpZM4XGwHv .

--

• Jeff

---

Jeff Odegard jeff.odegard@gmail.com

[image: LinkedIn] https://www.linkedin.com/in/jeffodegard/ [image: Fakebook] https://www.facebook.com/jeff.odegard.98 [image: YouTube] https://www.youtube.com/user/OdegardOnline

[godsgood33]

The first attached file is what Sagacity generates for importing into STIG Viewer (The target does not have any scan results, so everything will say Not Reviewed). The second file is a CKL generated from STIG Viewer after importing the Win 10 STIG.

Win7_Windows_10_STIG_manual_20181027.ckl.txt Win 10 STIG Viewer 2.8.ckl.txt

[godsgood33]

If the ASCA can provide you with a copy of the Schema they use to validate the XML then I should be able to troubleshoot it from there. I can't find a schema for STIG Viewer online. So right now, I am at a standstill...there is no reason why this shouldn't work.

[JeffOdegard]

Deltas between our .ckl and theirs:

• They use tabs instead of spaces for indentation (I had to change that for diff to work)
• Their first tag under \<ASSET> is \<ROLE>None\</ROLE>
• They have no

Those changes allowed it to be imported! (As I suspected, the tabs weren't critical - the other two changes in the Asset tag were.)

[godsgood33]

Please clarify the second bullet

[JeffOdegard]

Stupid markup...

[JeffOdegard]

Fixed by adding the ROLE tag = None and removing the HOST_GUID tag from export-ckl.php