Home page logo
/

isn logo Information Security News mailing list archives

Getting the most out of automated IT security management
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 10 Jan 2012 01:48:02 -0600 (CST)

http://gcn.com/articles/2012/01/09/nist-scap-automated-security-management.aspx

By William Jackson
GCN.com
Jan 09, 2012

The National Institute of Standards and Technology is updating guidelines for using the Security Content Automation Protocol (SCAP) for checking and validating security settings on IT systems.

SCAP is a NIST specification for expressing and manipulating security data in standardized ways, including implementing security configuration baselines, verifying patches and known vulnerabilities, continuous monitoring of vulnerabilities and security configuration settings, looking for signs of compromise, and determining the security posture of systems.

Special Publication 800-117, Guide to Adopting and Using the Security Content Automation Protocol Version 1.2, is being revised to provide an overview of its use as well as guidance to vendors for adopting the protocols in their products and services.

A draft of Revision 1 has been released for public comment.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn


  By Date           By Thread  

Current thread:
  • Getting the most out of automated IT security management InfoSec News (Jan 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]