(Note: cross-posted to two mailing lists) jOVAL.org has just published OVAL schemas for nine new MacOS test types: * authorizationdb_test - provides access to plist information stored in the authorization database * corestorage_test - provides access to core storage information * gatekeeper_test - provides access to Gatekeeper information * keychain_test - provides access to keychain settings * launchd_test - enumerates launchd-initiated agents/daemons * rlimit_test - provides access to launchd resource limits * softwareupdate_test - provides access to softwareupdate list/schedule * systemprofiler_test - provides access to plist-format data from the system_profiler * systemsetup_test - provides access to system setup information See: https://github.com/joval/Sandbox/commit/827c2dec9a9c3db51860c288994f452381b3... Note, I think the keychain_test is potentially problematic, because desktop access is required in order to read another user's keychain (so someone can enter the keychain's password in the dialog box that pops up) -- meaning it can only be implemented by a host-based user-driven assessment tool. Anyway, any feedback (from the Apple community in particular) would be appreciated. Best regards, --David Solin -- jOVAL.org: SCAP Simplified. Learn More <http://www.joval.org> | Features <http://www.joval.org/features/> | Download <http://www.joval.org/download/>