Information Security News: Getting the most out of automated IT security management

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

Information Security News mailing list archives

Getting the most out of automated IT security management

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 10 Jan 2012 01:48:02 -0600 (CST)

http://gcn.com/articles/2012/01/09/nist-scap-automated-security-management.aspx

By William Jackson
GCN.com
Jan 09, 2012

The National Institute of Standards and Technology is updatingguidelines for using the Security Content Automation Protocol (SCAP) forchecking and validating security settings on IT systems.

SCAP is a NIST specification for expressing and manipulating securitydata in standardized ways, including implementing security configurationbaselines, verifying patches and known vulnerabilities, continuousmonitoring of vulnerabilities and security configuration settings,looking for signs of compromise, and determining the security posture ofsystems.

Special Publication 800-117, Guide to Adopting and Using the SecurityContent Automation Protocol Version 1.2, is being revised to provide anoverview of its use as well as guidance to vendors for adopting theprotocols in their products and services.


A draft of Revision 1 has been released for public comment.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn

By Date By Thread

Current thread:

Getting the most out of automated IT security management InfoSec News (Jan 10)