The following is a description of the elements, types, and attributes that compose the SharePoint-specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard item element defined in the Core System Characteristic Schema. Through extension, each item inherits a set of elements and attributes that are shared amongst all OVAL Items. Each item is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core System Characteristic Schema is not outlined here.

The SharePoint Component Schema is based on the SharePoint Object Model (Windows SharePoint Services 3.0).

The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.

SharePoint System Characteristics 5.6
9/9/2009 9:44:37 AM
Copyright (c) 2002-2009, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.

This spwebapplication item stores information for security related features and permissions related to each web application. See the definition of the SPWebApplication class in the SharePoint object model documentation.

A string that represents the url that identifies the web application.
item - datatype attribute for the webapplicationurl entity of a spwebapplication_item should be 'string'

A boolean that represents if a user can create connections between Web Parts.
item - datatype attribute for the allowparttopartcommunication entity of an spwebapplication_item should be 'boolean'

A boolean that represents if a user can create connections to Online Web Part Galleries.
item - datatype attribute for the allowaccesstowebpartcatalog entity of an spwebapplication_item should be 'boolean'

A single blockedfileextention for the application. An application may have zero or more blocked file extensions.
item - datatype attribute for the blockedfileextention entity of a spwebapplication_item should be 'string'

A string that represents the default quota template for the web application.
item - datatype attribute for the defaultquotatemplate entity of a spwebapplication_item should be 'string'

A boolean that represents if a user is allowed to participate in workflow by sending them a copy of the document.
item - datatype attribute for the externalworkflowparticipantsenabled entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the recycle bin is enabled or disabled.
item - datatype attribute for the recyclebinenabled entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the site can be automatically deleted.
item - datatype attribute for the automaticallydeleteunusedsitecollections entity of an spwebapplication_item should be 'boolean'

A boolean that represents if a self service site can be created.
item - datatype attribute for the selfservicesitecreationenabled entity of an spwebapplication_item should be 'boolean'

Size of the second stage recycle bin quota.
item - datatype attribute for the secondstagerecyclebinquota entity of a spwebapplication_item should be 'int'

The recyclebinretentionperiod is the retention period for the recycle bin.
item - datatype attribute for the recyclebinretentionperiod entity of a spwebapplication_item should be 'int'

The name of the outboundmailserver.
item - datatype attribute for the outboundmailserverinstance entity of a spwebapplication_item should be 'string'

The from address that is used when sending email.
item - datatype attribute for the outboundmailsenderaddress entity of a spwebapplication_item should be 'string'

The reply to address that is used when sending email.
item - datatype attribute for the outboundmailreplytoaddress entity of a spwebapplication_item should be 'string'

A boolean that represents if a security validation can expire.
item - datatype attribute for the secvalexpires entity of an spwebapplication_item should be 'boolean'

The timeout is the amount of time before security validation expires.
item - datatype attribute for the timeout entity of a spwebapplication_item should be 'int'

A boolean that specifies whether the current web application is the Central Administration web application.
item - datatype attribute for the isadministrationwebapplication entity of an spwebapplication_item should be 'boolean'

A string that represents the application pool name.
item - datatype attribute for the applicationpoolname entity of a spwebapplication_item should be 'string'

A string that represents the application pool username.
item - datatype attribute for the applicationpoolusername entity of a spwebapplication_item should be 'string'

A boolean that represents if the permission to view the source of documents with server-side file handlers is available to the Web application.
item - datatype attribute for the openitems entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to add items to lists, add documents to document libraries, and add Web discussion comments is available to the Web application.
item - datatype attribute for the addlistitems entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to approve a minor version of a list item or document is available to the Web application.
item - datatype attribute for the approveitems entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to delete items from a list, documents from a document library, and Web discussion comments in documents is available to the Web application.
item - datatype attribute for the deletelistitems entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to delete past versions of a list item or document is available to the Web application.
item - datatype attribute for the deleteversions entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries is available to the Web application.
item - datatype attribute for the editlistitems entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to create and delete lists, add or remove columns in a list, and add or remove public views of a list is available to the Web application.
item - datatype attribute for the managelists entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to view past versions of a list item or document is available to the Web application.
item - datatype attribute for the viewversions entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to view items in lists, documents in document libraries, and view Web discussion comments is available to the Web application.
item - datatype attribute for the viewlistitems entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to discard or check in a document which is checked out to another user is available to the Web application.
item - datatype attribute for the cancelcheckout entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to create e-mail alerts is available to the Web application.
item - datatype attribute for the createalerts entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to view forms, views, and application pages, and enumerate lists is available to the Web application.
item - datatype attribute for the viewformpages entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to view pages in a Web site is available to the Web application.
item - datatype attribute for the viewpages entity of an spwebapplication_item should be 'boolean'

item - datatype attribute for the addandcustomizepages entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to apply a style sheet (.css file) to the Web site is available to the Web application.
item - datatype attribute for the applystylesheets entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to apply a theme or borders to the entire Web site is available to the Web application.
item - datatype attribute for the applythemeandborder entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to enumerate files and folders in a Web site using Microsoft Office SharePoint Designer 2007 and WebDAV interfaces is available to the Web application.
item - datatype attribute for the browsedirectories entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to view information about users of the Web site is available to the Web application.
item - datatype attribute for the browseuserinfo entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to create a group of users that can be used anywhere within the site collection is available to the Web application.
item - datatype attribute for the creategroups entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to create a Web site using Self-Service Site Creation is available to the Web application.
item - datatype attribute for the createsscsite entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to allow a user to change his or her user information, such as adding a picture, is available to the Web application.
item - datatype attribute for the editmyuserinfo entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to enumerate permissions on the Web site, list, folder, document, or list item is available to the Web application.
item - datatype attribute for the enumeratepermissions entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to manage alerts for all users of the Web site is available for the Web application.
item - datatype attribute for the managealerts entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to create and change permission levels on the Web site and assign permissions to users and groups is available to the Web application.
item - datatype attribute for the managepermissions entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites is available to the Web application.
item - datatype attribute for the managesubwebs entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to perform all administration tasks for the Web site as well as manage content is available to the Web application.
item - datatype attribute for the manageweb entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to allow users to open a Web site, list, or folder to access items inside that container is available to the Web application.
item - datatype attribute for the open entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to use features that launch client applications (otherwise, users must work on documents locally and upload changes) is available to the Web application.
item - datatype attribute for the useclientintegration entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site is available to the Web application.
item - datatype attribute for the useremoteapis entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to view reports on Web site usage in documents is available to the Web application.
item - datatype attribute for the viewusagedata entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to create, change, and delete personal views of lists is available to the Web application.
item - datatype attribute for the managepersonalviews entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to add or remove personal Web Parts on a Web Part Page is available to the Web application.
item - datatype attribute for the adddelprivatewebparts entity of an spwebapplication_item should be 'boolean'

A boolean that represents if the permission to update Web Parts to display personalized information is available to the Web application.
item - datatype attribute for the updatepersonalwebparts entity of an spwebapplication_item should be 'boolean'

This spgroup item stores information for security related features related to site groups.

A string that represents the url that identifies the site collection.
item - datatype attribute for the sitecollectionurl entity of a spgroup_item should be 'string'

A string that represents the name of a group in a site collection.
item - datatype attribute for the gname entity of a spgroup_item should be 'string'

A boolean that represents if sites can automatically accept requests.
item - datatype attribute for the autoacceptrequesttojoinleave entity of an spgroup_item should be 'boolean'

A boolean that represents if owners other than the group owner can edit the membership of groups.
item - datatype attribute for the allowmemberseditmembership entity of an spgroup_item should be 'boolean'

A boolean that represents if owners other than the group owner can edit the membership of groups.
item - datatype attribute for the onlyallowmembersviewmembership entity of an spgroup_item should be 'boolean'

This spweb item stores information for security related features related to site collections.

A string that represents the Web application url.
item - datatype attribute for the webapplicationurl entity of a spgroup_item should be 'string'

A string that represents the sitecollection url.
item - datatype attribute for the sitecollectionurl entity of a spgroup_item should be 'string'

A string that represents the secondarysitecolladmin.
item - datatype attribute for the secondarysitecolladmin entity of a spgroup_item should be 'string'

A boolean that represents if the secondsitecolladmin is enabled.
item - datatype attribute for the secondsiteadminenabled entity of an spweb_item should be 'boolean'

A boolean that represents if anonymous access is allowed to the web site.
item - datatype attribute for the allowanonymousaccess entity of an spweb_item should be 'boolean'

An SPList represents a list of content on a SharePoint web site. It consists of items or rows and columns or fields that contain data.

The url that identifies the website.
item - datatype attribute for the websiteurl entity of a splist_item should be 'string'

The irmenabled attribute tests to see if documents that leave the SharePoint environment are protected.
item - datatype attribute for the irmenabled entity of an splist_item should be 'boolean'

The enableversioning attribute specifies whether backup copies of files should be created and managed in the SharePoint system.
item - datatype attribute for the enableversioning entity of an splist_item should be 'boolean'

The nocrawl attribute indicates that this site should not be among those crawled and indexed.
item - datatype attribute for the nocrawl entity of an splist_item should be 'boolean'

An SPAntivirusSettings Item represents the set of antivirus-related security settings on a SharePoint server.

The name of the SP Web Service for which to retrieve the antivirus settings or * for all web services. The default value is * which checks all SP Web services.
item - datatype attribute for the spwebservicename entity of a spantivirussettings_item should be 'string'

The Farm in which the SP Web Service resides.
item - datatype attribute for the spfarmname entity of a spantivirussettings_item should be 'string'

Specifies whether SharePoint users can download documents that are found to be infected.
item - datatype attribute for the allowdownload entity of an spantivirussettings_item should be 'boolean'

Specifies whether or not the virus scanner should attempt to cure infected files.
item - datatype attribute for the cleaningenabled entity of an spantivirussettings_item should be 'boolean'

Specifies whether files are scanned when they are downloaded.
item - datatype attribute for the downloadscanenabled entity of an spantivirussettings_item should be 'boolean'

Specifies the number of threads that the virus scanner may use to perform virus scans.
item - datatype attribute for the numberofthreads entity of an spantivirussettings_item should be 'integer'

Specifies whether to skip document virus scanning during a search crawl.
item - datatype attribute for the skipsearchcrawl entity of an spantivirussettings_item should be 'boolean'

The amount of time before the virus scanner times out.
item - datatype attribute for the timeout entity of an spantivirussettings_item should be 'integer'

Specifies whether files are scanned for viruses when they are uploaded.
item - datatype attribute for the uploadscanenabled entity of an spantivirussettings_item should be 'boolean'

The current increment of the number of times the vendor has been updated.
item - datatype attribute for the vendorupdatecount entity of an spantivirussettings_item should be 'integer'

This spsiteadministration item stores information for security related features and permissions related to each top-level web site. See the definition of the SPSiteAdministration class in the SharePoint object model documentation.

A string that represents the url that identifies the sitecollection application.
item - datatype attribute for the sitecollectionurl entity of a spsiteadministration_item should be 'string'

The storagemaxlevel is the maximum storage allowed for the site.
item - datatype attribute for the storagemaxlevel entity of a spsiteadministration_item should be 'int'

When the storagewarninglevel is reached a site collection receives advance notice before available storage is expended.
item - datatype attribute for the storagewarninglevel entity of a spwebapplication_item should be 'int'

This spsite item stores information for security related features for sites. See the definition of the SPSite class in the SharePoint object model documentation.

A string that represents the url that identifies the sitecollection application.
item - datatype attribute for the sitecollectionurl entity of a spsite_item should be 'string'

The string that represents the name of the quota for a specific site collection.
item - datatype attribute for the quotaname entity of a spsite_item should be 'string'

item - datatype attribute for the url entity of a spsite_item should be 'string'

The spcrawlrule_item specifies rules that the SharePoint system follows when it crawls the content of sites stored within it.

A URL that represents the resource (e.g., sites, documents, etc.) on which the crawlrule tests should be run or * if the check should be run on all sites/documents on the server.
item - datatype attribute for the spsiteurl entity of a spcrawlrule_item should be 'string'

Specifies whether the crawler should crawl content from a hierarchical content source, such as HTTP content.
item - datatype attribute for the crawlashttp entity of an spcrawlrule_item should be 'boolean'

Specifies whether a particular crawl rule is enabled.
item - datatype attribute for the enabled entity of an spcrawlrule_item should be 'boolean'

Specifies whether the indexer should crawl websites that contain the question mark (?) character.
item - datatype attribute for the followcomplexurls entity of an spcrawlrule_item should be 'boolean'

The path to which a particular crawl rule applies.
item - datatype attribute for the path entity of a spcrawlrule_item should be 'string'

The priority setting for a particular crawl rule.
item - datatype attribute for the priority entity of an spcrawlrule_item should be 'integer'

Specifies whether the crawler should exclude the content of items that this rule applies to from the content index.
item - datatype attribute for the suppressindexing entity of an spcrawlrule_item should be 'boolean'

A string containing the account name for the crawl rule.
item - datatype attribute for the accountname entity of a spcrawlrule_item should be 'string'

This represents the set of Job Definitions that are scheduled to run on each SharePoint Web Application.

The URI that represents the web application for which the IIS Settings should be checked.
item - datatype attribute for the webappuri entity of a spjobdefinition_item should be 'string'

The name of the job as displayed in the SharePoint Central Administration site.
item - datatype attribute for the displayname entity of a spjobdefinition_item should be 'string'

Determines whether or not the job definition is enabled.
item - datatype attribute for the isdisabled entity of an spjobdefinition_item should be 'boolean'

Determines whether the job definition should be retried if it ends abnormally.
item - datatype attribute for the retry entity of an spjobdefinition_item should be 'boolean'

The title of a job as displayed in the SharePoint Central Administration site.
item - datatype attribute for the title entity of a spjobdefinition_item should be 'string'

This represents the set of Best Bets for a site collection.

The sitecollectionurl represents the URL for the site.
item - datatype attribute for the sitecollectionurl entity of a bestbet_item should be 'string'

The bestbeturl represents the URL for the best bet.
item - datatype attribute for the bestbeturl entity of a bestbet_item should be 'string'

The title of the Best Bet.
item - datatype attribute for the title entity of a bestbet_item should be 'string'

The description of the Best Bet.
item - datatype attribute for the description entity of a bestbet_item should be 'string'

This represents the set of Information Policies for a site collection.

The sitecollectionurl represents the URL for the site.
item - datatype attribute for the sitecollectionurl entity of a policycoll_item should be 'string'

The id of the sitecollection policy.
item - datatype attribute for the id entity of a policycoll_item should be 'string'

The name of the sitecollection policy.
item - datatype attribute for the name entity of a policycoll_item should be 'string'

The description of the Information Policy.
item - datatype attribute for the description entity of a policycoll_item should be 'string'

The long description of an Information Policy.
item - datatype attribute for the longdesc entity of a infopolicy_item should be 'string'

This represents the set of diagnostic capabilities for Windows SharePoint Services.

The farm whose diagnostic capabilities should be checked. Use .* for all farms or SPFarm.Local for the local farm.
item - datatype attribute for the farmname entity of a spdiagnosticsservice_item should be 'string'

The name of the diagnostic service as shown in the SharePoint Central Administration site.
item - datatype attribute for the displayname entity of a spdiagnosticsservice_item should be 'string'

The number of minutes to capture events to a single log file. This value lies in the range 0 to 1440. The default value is 30.
item - datatype attribute for the logcutinterval entity of a spdiagnosticsservice_item should be 'integer'

The path to the file system directory where log files are created and stored.
item - datatype attribute for the loglocation entity of a spdiagnosticsservice_item should be 'string'

The value that indicates the number of log files to create. This lies in the range 0 to 1024 with a default of 96.
item - datatype attribute for the logstokeep entity of a spdiagnosticsservice_item should be 'integer'

The required property specifies whether an instance of the spdiagnosticsservice must be running on the farm.
item - datatype attribute for the required entity of an spdiagnosticsservice_item should be 'boolean'

The friendly name for the service as displayed in the Central Administration and in logs. This should be "Windows Sharepoint Diagnostics Service" by default.
item - datatype attribute for the typename entity of a spdiagnosticsservice_item should be 'string'

The diagnostics level associated with a particular instance of a diagnostics service on a SharePoint farm.

The farm whose diagnostics levels should be checked. Use .* for all farms or SPFarm.Local for the local farm.
item - datatype attribute for the farmname entity of a spdiagnosticslevel_item should be 'string'

The event severity setting for a particular diagnostic level category.
item - datatype attribute for the eventseverity entity of a spdiagnosticslevel_item should be 'string'

Specifies whether the trace log category is hidden in the Windows SharePoint Services Central Administration interface.
item - datatype attribute for the hidden entity of an spdiagnosticslevel_item should be 'boolean'

A string that represents the ID of the trace log category. This is its English language name.
item - datatype attribute for the levelid entity of a spdiagnosticslevel_item should be 'string'

The name of the trace log category. This represents the localized name for the category.
item - datatype attribute for the levelname entity of a spdiagnosticslevel_item should be 'string'

The trace severity setting for a particular diagnostic level category.
item - datatype attribute for the traceseverity entity of a spdiagnosticslevel_item should be 'string'

This represents a policy feature that is installed on the SharePoint server farm.

The farm whose policy features should be checked. Use .* for all farms or SPFarm.Local for the local farm.
item - datatype attribute for the farmname entity of a sppolicyfeature_item should be 'string'

The URL to a web control used to edit policy instance-level settings.
item - datatype attribute for the configpage entity of a sppolicyfeature_item should be 'string'

The default values for any policy instance-level settings for a policy feature.
item - datatype attribute for the defaultcustomdata entity of a sppolicyfeature_item should be 'string'

The short description of the policy feature and of the service it provides.
item - datatype attribute for the description entity of a sppolicyfeature_item should be 'string'

The URL to a web control used to edit server farm-level settings for this policy feature.
item - datatype attribute for the globalconfigpage entity of a sppolicyfeature_item should be 'string'

The default settings for any server farm-level settings for this policy feature.
item - datatype attribute for the globalcustomdata entity of a sppolicyfeature_item should be 'string'

The policy feature group to which a policy feature belongs.
item - datatype attribute for the group entity of a sppolicyfeature_item should be 'string'

The name to display in the Microsoft Office SharePoint Server 2007 interface for an information policy feature.
item - datatype attribute for the name entity of a sppolicyfeature_item should be 'string'

The name of the creator of the policy feature as it is displayed in the Microsoft Office SharePoint Server 2007 user interface.
item - datatype attribute for the publisher entity of a sppolicyfeature_item should be 'string'

Specifies whether the policy feature is hidden or visible.
item - datatype attribute for the state entity of a sppolicyfeature_item should be 'string'

This represents a policy on the SharePoint system.

The URI that represents the web application for which policies should be checked.
item - datatype attribute for the webappuri entity of a sppolicy_item should be 'string'

The zone for which policies should be checked.
item - datatype attribute for the urlzone entity of a sppolicy_item should be 'string'

The user or group display name for a policy. This defaults to the user name if the display name cannot be resolved through Active Directory.
item - datatype attribute for the displayname entity of a sppolicy_item should be 'string'

Specifies whether the user identified by a particular policy is visible only as a System account within the Windows SharePoint Services user interface.
item - datatype attribute for the issystemuser entity of an sppolicy_item should be 'boolean'

The user name of the user or group that is associated with policy.
item - datatype attribute for the username entity of a sppolicy_item should be 'string'

The policy role type to apply globally in a SharePoint web application to a user or group.
item - datatype attribute for the policyroletype entity of a sppolicy_item should be 'string'

The EntityItemUrlZoneType restricts a string value to a set of values that describe the different IIS Url Zones. The empty string is also allowed to support empty elements associated with error conditions.
The empty string value is permitted here to allow for detailed error reporting.

The EntityItemEventSeverityType restricts a string value to a set of values that describe the different states that can be configured for a diagnostics level event severity level property of the diagnostics service.
The empty string value is permitted here to allow for detailed error reporting.

The EntityItemTraceSeverityType restricts a string value to a set of values that describe the different states that can be configured for a diagnostics level trace severity level property of the diagnostics service.
The empty string value is permitted here to allow for detailed error reporting.

The EntityItemPolicyFeatureStateType restricts a string value to a set of values that describe the different states that can be configured for a policy feature.
Specifies that the policy feature is hidden from the SharePoint Central Administration user interface.
Specifies that the policy feature is visible from the SharePoint Central Administration user interface.
The empty string value is permitted here to allow for detailed error reporting.

The EntityItemPolicyRoleType restricts a string value to a set of values that describe the different Policy settings for Access Control that are available for users.
Deny all rights.
Deny write permissions.
Grant full control.
Grant full read permissions.
No role type assigned.
The empty string value is permitted here to allow for detailed error reporting.
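
The datatype rules above can be checked mechanically against collected system characteristics before they are evaluated. The following is an added example, not part of the OVAL schema or its tooling: it applies the rules stated for spantivirussettings_item and spdiagnosticsservice_item, plus the documented logcutinterval and logstokeep ranges, to a constructed sample. It assumes the schema's namespace URI, which this page does not print, and that an omitted datatype attribute means 'string' and an omitted status attribute means 'exists'.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: namespace of the OVAL SharePoint system-characteristics schema
# (the page does not print it).
SP_SC = "http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#sharepoint"

# Expected datatypes, copied from the "item - datatype attribute ..." rules.
EXPECTED = {
    "spantivirussettings_item": {
        "spwebservicename": "string", "spfarmname": "string",
        "allowdownload": "boolean", "cleaningenabled": "boolean",
        "downloadscanenabled": "boolean", "numberofthreads": "integer",
        "skipsearchcrawl": "boolean", "timeout": "integer",
        "uploadscanenabled": "boolean", "vendorupdatecount": "integer",
    },
    "spdiagnosticsservice_item": {
        "farmname": "string", "displayname": "string",
        "logcutinterval": "integer", "loglocation": "string",
        "logstokeep": "integer", "required": "boolean", "typename": "string",
    },
}
# Value ranges that the entity descriptions state.
RANGES = {("spdiagnosticsservice_item", "logcutinterval"): (0, 1440),
          ("spdiagnosticsservice_item", "logstokeep"): (0, 1024)}
BOOLEANS = {"true", "false", "1", "0"}      # XML Schema boolean lexical forms
INTEGER = re.compile(r"[+-]?[0-9]+")

# Constructed sample; every value here is invented for illustration.
SAMPLE = f"""<system_data xmlns:sp-sc="{SP_SC}">
  <sp-sc:spantivirussettings_item id="1">
    <sp-sc:spwebservicename>*</sp-sc:spwebservicename>
    <sp-sc:spfarmname>ExampleFarm</sp-sc:spfarmname>
    <sp-sc:allowdownload datatype="boolean">false</sp-sc:allowdownload>
    <sp-sc:uploadscanenabled>true</sp-sc:uploadscanenabled>
    <sp-sc:numberofthreads datatype="int">5</sp-sc:numberofthreads>
    <sp-sc:timeout datatype="integer" status="error"/>
  </sp-sc:spantivirussettings_item>
  <sp-sc:spdiagnosticsservice_item id="2">
    <sp-sc:logcutinterval datatype="integer">2000</sp-sc:logcutinterval>
    <sp-sc:logstokeep datatype="integer">96</sp-sc:logstokeep>
    <sp-sc:required datatype="boolean">yes</sp-sc:required>
  </sp-sc:spdiagnosticsservice_item>
</system_data>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def check_item(item):
    """Return (entity, problem) pairs for one SharePoint item element."""
    kind = local(item.tag)
    rules = EXPECTED.get(kind, {})
    problems = []
    for ent in item:
        name = local(ent.tag)
        want = rules.get(name)
        if want is None:
            problems.append((name, "entity not covered by the rules above"))
            continue
        got = ent.get("datatype", "string")   # omitted datatype means 'string'
        if got != want:
            problems.append((name, f"datatype '{got}', should be '{want}'"))
            continue
        if ent.get("status", "exists") != "exists":
            continue                          # nothing collected: empty value is legitimate
        text = (ent.text or "").strip()
        if want == "boolean" and text not in BOOLEANS:
            problems.append((name, f"'{text}' is not a boolean value"))
        elif want == "integer":
            if not INTEGER.fullmatch(text):
                problems.append((name, f"'{text}' is not an integer value"))
                continue
            lo, hi = RANGES.get((kind, name), (None, None))
            if lo is not None and not lo <= int(text) <= hi:
                problems.append((name, f"{text} outside documented range {lo} to {hi}"))
    return problems


def check_document(xml_text):
    """Map each SharePoint item id to the problems found in that item."""
    root = ET.fromstring(xml_text)
    return {item.get("id"): check_item(item)
            for item in root if item.tag.startswith("{" + SP_SC + "}")}


if __name__ == "__main__":
    for item_id, problems in check_document(SAMPLE).items():
        for name, problem in problems:
            print(f"item {item_id}: {name}: {problem}")
```

For results files received from hosts you do not control, parse with a hardened XML parser such as defusedxml instead of the standard library parser.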