Datastream
http://martin.preisler.me/category/scap/page/2
A datastream can be thought of as an archive of interlinked SCAP
content (XCCDF, OVAL, CPE, …).
Types of datastream
• Source datastream (SDS)
• Result datastream (ARF)
>> The scanner takes an SDS, evaluates it, and returns the results in
ARF format.
Source Datastream
• Has a root element called “data-stream-collection”.
• “data-stream-collection” contains 1 or more elements called
“data-stream”.
>>> Each SDS has 1 or more modes in which it can be evaluated.
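The structure described on this slide, as an added example that is not part of the original slides: a Python check that an SDS has the expected root, lists its data-streams, and flags component references that do not resolve inside the collection. The namespace URIs are those of SCAP 1.2; the sample document and all of its IDs are constructed.

```python
import xml.etree.ElementTree as ET

DS = "http://scap.nist.gov/schema/scap/source/1.2"   # SCAP 1.2 source data stream
XLINK = "http://www.w3.org/1999/xlink"

# Constructed sample (IDs are made up): two data-streams, components left empty.
SAMPLE_SDS = f"""<ds:data-stream-collection xmlns:ds="{DS}" xmlns:xlink="{XLINK}"
    id="scap_org.example_collection_demo" schematron-version="1.2">
  <ds:data-stream id="scap_org.example_datastream_server"
      scap-version="1.2" use-case="CONFIGURATION">
    <ds:checklists>
      <ds:component-ref id="scap_org.example_cref_xccdf"
          xlink:href="#scap_org.example_comp_xccdf"/>
    </ds:checklists>
    <ds:checks>
      <ds:component-ref id="scap_org.example_cref_oval"
          xlink:href="#scap_org.example_comp_oval"/>
    </ds:checks>
  </ds:data-stream>
  <ds:data-stream id="scap_org.example_datastream_workstation"
      scap-version="1.2" use-case="CONFIGURATION">
    <ds:checks>
      <ds:component-ref id="scap_org.example_cref_gone"
          xlink:href="#scap_org.example_comp_missing"/>
    </ds:checks>
  </ds:data-stream>
  <ds:component id="scap_org.example_comp_xccdf" timestamp="2015-01-01T00:00:00"/>
  <ds:component id="scap_org.example_comp_oval" timestamp="2015-01-01T00:00:00"/>
</ds:data-stream-collection>"""


def inspect_sds(xml_text):
    """Map each data-stream id to its component references and dangling ones."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{DS}}}data-stream-collection":
        raise ValueError("root element is not data-stream-collection")
    streams = root.findall(f"{{{DS}}}data-stream")
    if not streams:
        raise ValueError("collection contains no data-stream")
    # Components are siblings of the data-streams, directly under the root.
    known = {c.get("id") for tag in ("component", "extended-component")
             for c in root.findall(f"{{{DS}}}{tag}")}
    report = {}
    for stream in streams:
        refs, dangling = {}, []
        for group in stream:  # dictionaries / checklists / checks / ...
            kind = group.tag.rpartition("}")[2]
            for cref in group.findall(f"{{{DS}}}component-ref"):
                href = cref.get(f"{{{XLINK}}}href", "")
                refs.setdefault(kind, []).append(href)
                if not href.startswith("#") or href[1:] not in known:
                    dangling.append(href)
        report[stream.get("id")] = {"refs": refs, "dangling": dangling}
    return report


if __name__ == "__main__":
    for ds_id, info in inspect_sds(SAMPLE_SDS).items():
        print(ds_id, info)
```

A dangling reference means the datastream points at content that is not in the archive, so a scan of that data-stream would be incomplete or fail.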
National Checklist Program (NCP)
• See NIST Special Publication 800-70 Rev.2
• Frequently Asked Questions: General Information
>> http://web.nvd.nist.gov/view/ncp/information
Security Configuration Checklist
• Also called lockdown, hardening guide, benchmark, security technical
implementation guide (STIG).
• A series of instructions for configuring a product to a particular
operational environment.
• Can comprise templates, automated scripts, patches or patch
descriptions, XML files, and other procedures.
NIST maintains the National Checklist Repository.
http://checklists.nist.gov/
Selecting checklists?
• Checklist users should carefully consider the degree of automation
and the source of each checklist.
• NIST defined 4 tiers of checklists to assist users.
• Tier 1 checklists are prose-based, with narrative descriptions of how a
person can manually alter a product’s configuration.
• Tier 4 checklists have all security settings documented in
machine-readable, standardized Security Content Automation Protocol (SCAP)
formats, … (see SP 800-70 Rev. 2).
Concept scap
