OVAL® International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.

Tools and services that use OVAL for the three steps of system assessment — representing system information, expressing specific machine states, and reporting the results of an assessment — provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services.

OVAL in the Enterprise

Focus On

Join the OVAL Community!

System administrators, software vendors, security analysts, developers, and other members of the information security community are invited to participate in the OVAL effort by joining our email news and discussion lists:

  • OVAL-Announce — General news about OVAL.
  • OVAL Developer’s Forum — Lightly moderated public forum for discussing the OVAL Language, and its implementation and inclusion in tools and services.
  • OVAL Repository Forum — Lightly moderated public forum for discussing new and previously posted OVAL Repository content, as well the issues that affect the writing of OVAL Definitions.

View our Privacy Policy.

Page Last Updated: March 08, 2013