Contact: Evelyn Brown
301-975-5661
Researchers at the National Institute of Standards and Technology (NIST) have released for public comment updated specifications for the Security Content Automation Protocol (SCAP), which helps organizations find and manage computer-system vulnerabilities more effectively by standardizing the way vulnerabilities are identified, prioritized and reported.
SCAP unites and organizes a collection of computer security specifications and reference data to support automated security programs that check vulnerabilities in information systems, such as configuration errors, missing software "patches," misapplied security settings and many others. SCAP-based security tools are particularly valuable for securing large, complex information systems and organizations with many distributed computing systems.
System operations and security professionals use SCAP-based software products to determine the system's status, particularly information about software flaws and security configuration information in an efficient, accurate way. For example, SCAP enables automated assessment of software patches present on a system that identifies the potential security risk to an organization due to an unpatched vulnerability. Using SCAP, information system administrators can address critical vulnerabilities mitigating the risk of attack.
In The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 (NIST Special Publication 800-126 Revision 2) some underlying specifications have been enhanced in response to requests from SCAP content authors and product developers. SCAP has been updated to incorporate three new underlying specifications to the protocol that add asset reporting, asset identification and a digital trust model to help ensure the integrity of SCAP data itself.
Continue reading......
No comments:
Post a Comment