The invention is in the field of data processing (computing) systems, and more particularly in the field of testing computing systems for compliance with configuration requirements.
Compliance testing is used to compare the actual configuration of a computer to a specified or “benchmark” configuration. In some cases, for example, an organization such as the government or a corporation may require that a computer have a particular configuration to satisfy security or interoperability needs. The benchmark configuration may identify various hardware and software elements required for compliance, as well as required values of attributes of the elements. For example, a benchmark may identify an operating system (element) as well as a revision level (attribute) of the operating system that is known to provide certain security-related functionality.
The US government sponsors a suite of security-related specifications and other resources under an umbrella known as Security Content Automation Protocol or SCAP. Included in this suite are XML-based languages for expressing configuration benchmarks and compliance testing. SCAP techniques have been used for compliance testing computers such as government-issued portable computers, as well as for other components of data processing systems such as network switches.