Information about http://nvd.nist.gov/scap/workshop/04scarfone-FDCC-Publication-Overview-20080123.pdf

Overview of Planned FDCC and SCAP-Related Publications Karen…

Tags: automation program, common vulnerability scoring system, computer security resource, computer security resource center, csrc, cvss, description fields, description format, fdcc, interagency report, nist, operational environment, publication sp, related publications, revision 3, scarfone, securing microsoft windows, security configuration checklists program, security content, security resource center,
Pages: 5
Language: english
Created: Fri Jan 25 09:37:04 2008
Overview of Planned FDCC and SCAP-Related Publications

Karen Scarfone, NIST

FDCC-Related Publications
 Update to NIST Special Publication (SP) 800-70, Security Configuration Checklists Program for IT Products: Guidance for Checklists Users and Developers
   Define the FDCC operational environment
   Add FDCC and SCAP checklist description fields
 Update to SP 800-68, Guidance for Securing Microsoft Windows XP Systems for IT Professionals
   Include FDCC as an operational environment
   Add an FDCC baseline
 New SP on securing Windows Vista systems
   Documents the FDCC baseline
   Describes some new security features of Vista

SCAP-Related Publications
 New SP on SCAP
   Define SCAP version 1
   Recommend how SCAP version 1 and its components should be used by Federal agencies
 SCAP SP will incorporate some existing publications
   Draft NIST Interagency Report (NISTIR) 7343, The Security Content Automation Program (SCAP): Automating Compliance Checking, Vulnerability Management, and Security Management, which was an early effort at describing SCAP
   SP 800-51, Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme, which recommends how Federal agencies should use CVE

SCAP-Related Publications
 Will create NISTIRs as needed
 Formally define SCAP components not defined elsewhere
   NISTIR 7275 Revision 3, Specification for Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4
 Explain how SCAP components can be tailored for Federal agency use
   NISTIR 7435, The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems
 No intention of creating NISTIRs for each SCAP component

Publication Links
 Computer Security Resource Center (CSRC)
 http://csrc.nist.gov/
 Special Publications
 http://csrc.nist.gov/publications/PubsSPs.html
 Interagency Reports
 http://csrc.nist.gov/publications/PubsNISTIRs.html



Questions?
karen.scarfone@nist.gov