[ISN] Getting the most out of automated IT security management

From: InfoSec News <alerts_at_private>
Date: Tue, 10 Jan 2012 01:48:02 -0600 (CST)
http://gcn.com/articles/2012/01/09/nist-scap-automated-security-management.aspx

By William Jackson
GCN.com
Jan 09, 2012

The National Institute of Standards and Technology is updating 
guidelines for using the Security Content Automation Protocol (SCAP) for 
checking and validating security settings on IT systems.

SCAP is a NIST specification for expressing and manipulating security 
data in standardized ways, including implementing security configuration 
baselines, verifying patches and known vulnerabilities, continuous 
monitoring of vulnerabilities and security configuration settings, 
looking for signs of compromise, and determining the security posture of 
systems.

Special Publication 800-117, Guide to Adopting and Using the Security 
Content Automation Protocol Version 1.2, is being revised to provide an 
overview of its use as well as guidance to vendors for adopting the 
protocols in their products and services.

A draft of Revision 1 has been released for public comment.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn
Received on Mon Jan 09 2012 - 23:48:02 PST

This archive was generated by hypermail 2.2.0 : Mon Jan 09 2012 - 23:50:00 PST