The following is a description of the elements, types, and attributes that compose the SharePoint specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard item element defined in the Core System Characteristic Schema. Through extension, each item inherits a set of elements and attributes that are shared amongst all OVAL Items. Each item is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core System Characteristic Schema is not outlined here.

The SharePoint Component Schema is based on the SharePoint Object Model (Windows SharePoint Services 3.0).

The OVAL Schema is maintained by the OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.cisecurity.org.

SharePoint System Characteristics 5.11.1:1.1
11/30/2016 09:00:00 AM

Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at https://oval.cisecurity.org/terms. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.

This spwebapplication item stores information for security related features and permissions related to each web application. See the definition of the SPWebApplication class in the SharePoint object model documentation.
A string that represents the url that identifies the web application.
A boolean that represents if a user can create connections between Web Parts.
A boolean that represents if a user can create connections to Online Web Part Galleries.
A single blockedfileextention for the application. An application may have zero or more blocked file extensions.
A string that represents the default quota template for the web application.
A boolean that represents if a user is allowed to participate in a workflow by sending them a copy of the document.
A boolean that represents if the recycle bin is enabled or disabled.
A boolean that represents if the site can be automatically deleted.
A boolean that represents if a self service site can be created.
Size of the second stage recycle bin quota.
The recyclebinretentionperiod is the retention period for the recycle bin.
The string name of the outboundmailserver.
The from address that is used when sending email.
The reply to address that is used when sending email.
A boolean that represents if a security validation can expire.
The timeout is the amount of time, in seconds, before security validation expires.
A boolean that specifies whether the current web application is the Central Administration web application.
A string that represents the application pool name.
A string that represents the application pool username.
A boolean that represents if the permission to view the source of documents with server-side file handlers is available to the Web application.
A boolean that represents if the permission to add items to lists, add documents to document libraries, and add Web discussion comments is available to the Web application.
A boolean that represents if the permission to approve a minor version of a list item or document is available to the Web application.
A boolean that represents if the permission to delete items from a list, documents from a document library, and Web discussion comments in documents is available to the Web application.
A boolean that represents if the permission to delete past versions of a list item or document is available to the Web application.
A boolean that represents if the permission to edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries is available to the Web application.
A boolean that represents if the permission to create and delete lists, add or remove columns in a list, and add or remove public views of a list is available to the Web application.
A boolean that represents if the permission to view past versions of a list item or document is available to the Web application.
A boolean that represents if the permission to view items in lists, documents in document libraries, and Web discussion comments is available to the Web application.
A boolean that represents if the permission to discard or check in a document which is checked out to another user is available to the Web application.
A boolean that represents if the permission to create e-mail alerts is available to the Web application.
A boolean that represents if the permission to view forms, views, and application pages, and enumerate lists is available to the Web application.
A boolean that represents if the permission to view pages in a Web site is available to the Web application.
A boolean that represents if the permission to apply a style sheet (.css file) to the Web site is available to the Web application.
A boolean that represents if the permission to apply a theme or borders to the entire Web site is available to the Web application.
A boolean that represents if the permission to enumerate files and folders in a Web site using Microsoft Office SharePoint Designer and WebDAV interfaces is available to the Web application.
A boolean that represents if the permission to view information about users of the Web site is available to the Web application.
A boolean that represents if the permission to create a group of users that can be used anywhere within the site collection is available to the Web application.
A boolean that represents if the permission to create a Web site using Self-Service Site Creation is available to the Web application.
A boolean that represents if the permission to allow a user to change his or her user information, such as adding a picture, is available to the Web application.
A boolean that represents if the permission to enumerate permissions on the Web site, list, folder, document, or list item is available to the Web application.
A boolean that represents if the permission to manage alerts for all users of the Web site is available to the Web application.
A boolean that represents if the permission to create and change permission levels on the Web site and assign permissions to users and groups is available to the Web application.
A boolean that represents if the permission to create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites is available to the Web application.
A boolean that represents if the permission to perform all administration tasks for the Web site as well as manage content is available to the Web application.
A boolean that represents if the permission to allow users to open a Web site, list, or folder to access items inside that container is available to the Web application.
A boolean that represents if the permission to use features that launch client applications (otherwise, users must work on documents locally and upload changes) is available to the Web application.
A boolean that represents if the permission to use SOAP, WebDAV, or Microsoft Office SharePoint Designer interfaces to access the Web site is available to the Web application.
A boolean that represents if the permission to view reports on Web site usage in documents is available to the Web application.
A boolean that represents if the permission to create, change, and delete personal views of lists is available to the Web application.
A boolean that represents if the permission to add or remove personal Web Parts on a Web Part Page is available to the Web application.
A boolean that represents if the permission to update Web Parts to display personalized information is available to the Web application.

This spgroup item stores information for security related features related to site groups.
A string that represents the url that identifies the site collection.
A string that represents the name of a group in a site collection.
A boolean that represents if sites can automatically accept requests.
A boolean that represents if owners other than the group owner can edit the membership of groups.
A boolean that represents if owners other than the group owner can edit the membership of groups.

This spweb item stores information for security related features related to site collections.
A string that specifies a web site (the SPWeb object).
A string that specifies a site collection.
A string that represents the secondarysitecolladmin.
A boolean that represents if the secondsitecolladmin is enabled.
A boolean that represents if anonymous access is allowed to the web site.

An SPList represents a list of content on a SharePoint web site. It consists of items or rows and columns or fields that contain data.
The url that identifies the website.
The irmenabled attribute tests to see if documents that leave the SharePoint environment are protected.
The enableversioning attribute specifies whether backup copies of files should be created and managed in the SharePoint system.
The nocrawl attribute indicates that this site should not be among those crawled and indexed.

An SPAntivirusSettings Item represents the set of antivirus-related security settings on a SharePoint server.
The name of the SP Web Service for which to retrieve the antivirus settings, or * for all web services. The default value is *, which checks all SP Web services.
The Farm in which the SP Web Service resides.
Specifies whether SharePoint users can download documents that are found to be infected.
Specifies whether or not the virus scanner should attempt to cure infected files.
Specifies whether files are scanned when they are downloaded.
Specifies the number of threads that the virus scanner may use to perform virus scans.
Specifies whether to skip document virus scanning during a search crawl.
The amount of time, in seconds, before the virus scanner times out.
Specifies whether files are scanned for viruses when they are uploaded.
The current increment of the number of times the vendor has been updated.

This spsiteadministration item stores information for security related features and permissions related to each top-level web site. See the definition of the SPSiteAdministration class in the SharePoint object model documentation.
A string that represents the url that identifies the site collection application.
The storagemaxlevel is the maximum storage allowed for the site.
When the storagewarninglevel is reached, a site collection receives advance notice before available storage is expended.

This spsite item stores information for security related features for sites. See the definition of the SPSite class in the SharePoint object model documentation.
A string that represents the url that identifies the site collection application.
The string that represents the name of the quota for a specific site collection.

The spcrawlrule_item specifies rules that the SharePoint system follows when it crawls the content of sites stored within it.
A URL that represents the resource (e.g. sites, documents, etc.) on which the crawl rule tests should be run, or * if the check should be run on all sites/documents on the server.
Specifies whether the crawler should crawl content from a hierarchical content source, such as HTTP content.
Specifies whether a particular crawl rule is enabled.
Specifies whether the indexer should crawl websites that contain the question mark (?) character.
The path to which a particular crawl rule applies.
The priority setting for a particular crawl rule.
Specifies whether the crawler should exclude the content of items that this rule applies to from the content index.
A string containing the account name for the crawl rule.

This represents the set of Job Definitions that are scheduled to run on each SharePoint Web Application.
Deprecated as of 5.10: replaced by the spjobdefinition510_item. This item does not uniquely identify a single job definition. A new state was created to use displaynames, which are unique. See the spjobdefinition510_item. This item has been deprecated and may be removed in a future version of the language.
DEPRECATED ITEM: ID:
The URI that represents the web application for which the IIS Settings should be checked.
The name of the job as displayed in the SharePoint Central Administration site.
Determines whether or not the job definition is enabled.
Determines whether the job definition should be retried if it ends abnormally.
The title of a job as displayed in the SharePoint Central Administration site.

This represents the set of Job Definitions that are scheduled to run on each SharePoint Web Application.
The URI that represents the web application for which the IIS Settings should be checked.
The name of the job as displayed in the SharePoint Central Administration site.
Determines whether or not the job definition is enabled.
Determines whether the job definition should be retried if it ends abnormally.
The title of a job as displayed in the SharePoint Central Administration site.

This represents the set of Best Bets for a site collection.
The sitecollectionurl represents the URL for the site.
The bestbeturl represents the URL for the best bet.
The title of the Best Bet.
The description of the Best Bet.

This represents the set of Information Policies for a site collection.
The sitecollectionurl represents the URL for the site.
The id of the site collection policy.
The name of the site collection policy.
The description of the Information Policy.
The long description of an Information Policy.

This represents the set of diagnostic capabilities for Windows SharePoint Services.
The farm whose diagnostic capabilities should be checked. Use .* for all farms or SPFarm.Local for the local farm.
The name of the diagnostic service as shown in the SharePoint Central Administration site.
The number of minutes to capture events to a single log file. This value lies in the range 0 to 1440. The default value is 30.
The path to the file system directory where log files are created and stored.
The value that indicates the number of log files to create. This lies in the range 0 to 1024 with a default of 96.
The required property specifies whether an instance of the spdiagnosticsservice must be running on the farm.
The friendly name for the service as displayed in the Central Administration and in logs. This should be "Windows Sharepoint Diagnostics Service" by default.

The diagnostics level associated with a particular instance of a diagnostics service on a SharePoint farm.
The farm whose diagnostics levels should be checked. Use .* for all farms or SPFarm.Local for the local farm.
The event severity setting for a particular diagnostic level category.
Specifies whether the trace log category is hidden in the Windows SharePoint Services Central Administration interface.
A string that represents the ID of the trace log category. This is its English language name.
The name of the trace log category. This represents the localized name for the category.
The trace severity setting for a particular diagnostic level category.

This represents a policy feature that is installed on the SharePoint server farm.
The farm whose policy features should be checked. Use .* for all farms or SPFarm.Local for the local farm.
The URL to a web control used to edit policy instance-level settings.
The default values for any policy instance-level settings for a policy feature.
The short description of the policy feature and of the service it provides.
The URL to a web control used to edit server farm-level settings for this policy feature.
The default settings for any server farm-level settings for this policy feature.
The policy feature group to which a policy feature belongs.
The name to display in the Microsoft Office SharePoint Server 2007 interface for an information policy feature.
The name of the creator of the policy feature as it is displayed in the Microsoft Office SharePoint Server 2007 user interface.
Specifies whether the policy feature is hidden or visible.

This represents a policy on the SharePoint system.
The URI that represents the web application for which policies should be checked.
The zone for which policies should be checked.
The user or group display name for a policy. This defaults to the user name if the display name cannot be resolved through Active Directory.
Specifies whether the user identified by a particular policy is visible only as a System account within the Windows SharePoint Services user interface.
The user name of the user or group that is associated with the policy.
The policy role type to apply globally in a SharePoint web application to a user or group.

The EntityItemUrlZoneType restricts a string value to a set of values that describe the different IIS Url Zones. The empty string is also allowed to support an empty element associated with error conditions. The empty string value is permitted here to allow for detailed error reporting.

The EntityItemEventSeverityType restricts a string value to a set of values that describe the different states that can be configured for the diagnostics level event severity property of the diagnostics service. The empty string value is permitted here to allow for detailed error reporting.
The EntityItemTraceSeverityType restricts a string value to a set of values that describe the different states that can be configured for the diagnostics level trace severity property of the diagnostics service. The empty string value is permitted here to allow for detailed error reporting.

The EntityItemPolicyFeatureStateType restricts a string value to a set of values that describe the different states that can be configured for a policy feature.
Specifies that the policy feature is hidden from the SharePoint Central Administration user interface.
Specifies that the policy feature is visible from the SharePoint Central Administration user interface.
The empty string value is permitted here to allow for detailed error reporting.

The EntityItemPolicyRoleType restricts a string value to a set of values that describe the different Policy settings for Access Control that are available for users.
Deny all rights.
Deny write permissions.
Grant full control.
Grant full read permissions.
No role type assigned.
The empty string value is permitted here to allow for detailed error reporting.
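As an added example, not part of the OVAL schema documentation above, the following Python script reads a constructed system-characteristics fragment holding an antivirus settings item and an spweb item and reports the values a reviewer would treat as weak: infected documents downloadable, upload or download scanning not enabled, and anonymous access allowed on a web site. The namespace URI, the item names spantivirussettings_item and spweb_item, and the child element names are assumptions modelled on the property descriptions above, not taken from the schema text.

```python
import xml.etree.ElementTree as ET

# Assumed namespace and element names (modelled on the descriptions above,
# not copied from the schema); a real collector's output may differ.
NS = {"sp": "http://example.invalid/oval-sc-sharepoint"}

# Constructed sample: one antivirus settings item and one spweb item.
SAMPLE_SC = """<items xmlns:sp="http://example.invalid/oval-sc-sharepoint">
  <sp:spantivirussettings_item id="1" status="exists">
    <sp:webservicename>*</sp:webservicename>
    <sp:allowdownload datatype="boolean">true</sp:allowdownload>
    <sp:cleaningenabled datatype="boolean">false</sp:cleaningenabled>
    <sp:downloadscanenabled datatype="boolean">true</sp:downloadscanenabled>
    <sp:uploadscanenabled datatype="boolean">false</sp:uploadscanenabled>
    <sp:timeout datatype="int">300</sp:timeout>
  </sp:spantivirussettings_item>
  <sp:spweb_item id="2" status="exists">
    <sp:siteurl>http://intranet.example/sites/hr</sp:siteurl>
    <sp:allowanonymousaccess datatype="boolean">true</sp:allowanonymousaccess>
  </sp:spweb_item>
</items>"""

def _bool(item, name):
    """Read an OVAL boolean child; OVAL accepts true/false and 1/0.
    Returns None when the element was not collected at all."""
    el = item.find(f"sp:{name}", NS)
    if el is None or el.text is None:
        return None
    return el.text.strip().lower() in ("true", "1")

def review_items(xml_text):
    """Return a list of (item_id, finding) tuples for weak settings."""
    root = ET.fromstring(xml_text)
    findings = []
    for av in root.findall("sp:spantivirussettings_item", NS):
        iid = av.get("id")
        if _bool(av, "allowdownload") is True:
            findings.append((iid, "infected documents may be downloaded"))
        # An absent scan flag is reported too: "not collected" is not "enabled".
        for flag in ("uploadscanenabled", "downloadscanenabled"):
            if _bool(av, flag) is not True:
                findings.append((iid, f"{flag} is not enabled"))
    for web in root.findall("sp:spweb_item", NS):
        iid = web.get("id")
        url = web.findtext("sp:siteurl", default="?", namespaces=NS)
        if _bool(web, "allowanonymousaccess") is True:
            findings.append((iid, f"anonymous access enabled on {url}"))
    return findings

if __name__ == "__main__":
    for item_id, msg in review_items(SAMPLE_SC):
        print(f"item {item_id}: {msg}")
```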