Information Security News
mailing list archives
Getting the most out of automated IT security management
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 10 Jan 2012 01:48:02 -0600 (CST)
By William Jackson
Jan 09, 2012
The National Institute of Standards and Technology is updating
guidelines for using the Security Content Automation Protocol (SCAP) for
checking and validating security settings on IT systems.
SCAP is a NIST specification for expressing and manipulating security
data in standardized ways, including implementing security configuration
baselines, verifying patches and known vulnerabilities, continuous
monitoring of vulnerabilities and security configuration settings,
looking for signs of compromise, and determining the security posture of
Special Publication 800-117, Guide to Adopting and Using the Security
Content Automation Protocol Version 1.2, is being revised to provide an
overview of its use as well as guidance to vendors for adopting the
protocols in their products and services.
A draft of Revision 1 has been released for public comment.
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
- Getting the most out of automated IT security management InfoSec News (Jan 10)