New XCCDF Rule Group for CCP:

<Group id="ccp_addl">
     <title xml:lang="en-US">Addl Checks for RHT CCP Certification</title>
        <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
Description for Addl RHT CCP Checks.
        </description>
        <Rule id="non-rh_packages" selected="true" severity="low">
          <version>1</version>
          <title>All packages should be RH signed package</title>
      <rationale>This was checked in previous CCP image certification processes</rationale>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
             <check-content-ref name="oval:ssg:def:10101" href="ssg-rhel6-oval.new_ccp.xml"/>
          </check>
        </Rule>
  </Group>

New OVAL:

<definition class="compliance" id="oval:ssg:def:10101" version="1">
       <metadata>
          <title>Check for the existence of any non-Red Hat signed packages</title>
      <description>This definition is intended to evalutate to true if there are any packages installed on the system that are not signed by Red Hat.</description>
       </metadata>
      <criteria operator="AND">
         <criterion comment="Check for the existence of any non-Red Hat signed packages." test_ref="oval:ssg:tst:10101"/>
      </criteria>
    </definition>

   <linux:rpminfo_test check="all" check_existence="at_least_one_exists" id="oval:ssg:tst:10101" version="1" comment="Check for the existence of any non-Red Hat signed packages." >
       <linux:object object_ref="oval:ssg:obj:10101"/>
    </linux:rpminfo_test>

    <linux:rpminfo_object id="oval:ssg:obj:10101" version="1" comment="Collect all rpms and exclude those signed by Red Hat and exclude those from scap and openscap.">
       <linux:name operation="pattern match">.*</linux:name>
          <filter action="exclude">oval:ssg:ste:10101</filter>
<!-->
          <filter action="exclude">oval:ssg:ste:10102</filter>
          <filter action="exclude">oval:ssg:ste:10103</filter>
<-->  
    </linux:rpminfo_object>

   <linux:rpminfo_state id="oval:ssg:ste:10101" version="1" comment="This state matches any rpminfo_items that are signed by Red Hat.">
       <linux:signature_keyid operation="equals" var_ref="oval:ssg:var:10101" var_check="at least one"/>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg:ste:10102" version="1" comment="This state matches any rpminfo_items that are named openscap-.*">
       <linux:name operation="pattern match">openscap-.*</linux:name>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg:ste:10103" version="1" comment="This state matches any rpminfo_items that are named scap-.*">
       <linux:name operation="pattern match">scap-.*</linux:name>
    </linux:rpminfo_state>

 <constant_variable comment="This variable holds all of the Red Hat signature key IDs." datatype="string" id="oval:ssg:var:10101" version="1" >
       <!-->RHEL 5 Signature ID<-->
       <value>5326810137017186</value>
       <!--RHEL 6: 199e2f91fd431d51<-->
  </constant_variable>