Wednesday, March 12, 2008

SCAP Narrows Security Gap

Released by NIST last spring, the Security Content Automation Protocol
(SCAP) is a suite of tools to help automate vulnerability management
and evaluate compliance with federal information technology security
requirements. It is an expansion of the National Vulnerability Database
with an automated checklist that uses a collection of recognized
standards for naming software flaws and configuration problems in
specific products. SCAP has done a lot to help agencies in the uphill
battle against security vulnerabilities, but it hasn't yet gotten them
over the top. NIST is now accrediting independent labs for a SCAP product
evaluation program, vendors are producing scanning tools using the
protocol, and agencies are using them to automate compliance with IT
security regulations. The more mature standards in the suite include:

(1) Common Vulnerabilities and Exposures (CVE) from Mitre, which provides
standard identifiers and a dictionary for security vulnerabilities
related to software flaws.

(2) Open Vulnerability and Assessment Language (OVAL), also from Mitre, a
standard Extensible Markup Language (XML) format for security testing
procedures and reporting.

(3) Extensible Configuration Checklist Description Format (XCCDF) from the
National Security Agency and NIST, a standard XML format for specifying
checklists and reporting results.

(4) Common Vulnerability Scoring System (CVSS) from the Forum of Incident
Response and Security Teams, a standard for conveying and scoring the
impact of vulnerabilities.

Less mature standards are:

(5) Common Configuration Enumeration (CCE) from Mitre, standard identifiers
and a dictionary for system security configuration issues.

(6) Common Platform Enumeration (CPE) from Mitre, standard identifiers and
a dictionary for platform and product naming.

