2. Types of datastream
• Source datastream (SDS)
• Result datastream (ARF)
>> The scanner takes an SDS, evaluates it, and returns the results in ARF format.
3. Source Datastream
• Has a root element called “data-stream-collection”.
• “data-stream-collection” contains 1 or more elements called “data-stream”.
>>> Each SDS has 1 or more modes in which it can be evaluated.
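The structure above can be checked before content is handed to a scanner. The following is an added example, not part of the original slides: it lists each “data-stream” in a collection and flags component references that do not resolve inside the file. The namespaces and the `component-ref` / `component` elements come from the SCAP 1.2 source data stream schema rather than from the slides; `inspect_sds` is a hypothetical name, and the sample document is constructed and kept minimal rather than schema-valid.

```python
import xml.etree.ElementTree as ET

# Namespaces from the SCAP 1.2 source data stream schema (assumption: not stated on the slides).
NS = {
    "ds": "http://scap.nist.gov/schema/scap/source/1.2",
    "xlink": "http://www.w3.org/1999/xlink",
}
HREF = "{%s}href" % NS["xlink"]

# Constructed sample SDS: component bodies are left empty for brevity.
SAMPLE_SDS = """\
<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2"
    xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_org.example_collection_demo">
  <ds:data-stream id="scap_org.example_datastream_demo" scap-version="1.2" use-case="CONFIGURATION">
    <ds:checklists>
      <ds:component-ref id="scap_org.example_cref_xccdf" xlink:href="#scap_org.example_comp_xccdf"/>
    </ds:checklists>
    <ds:checks>
      <ds:component-ref id="scap_org.example_cref_oval" xlink:href="#scap_org.example_comp_oval"/>
      <ds:component-ref id="scap_org.example_cref_ocil" xlink:href="#scap_org.example_comp_missing"/>
    </ds:checks>
  </ds:data-stream>
  <ds:component id="scap_org.example_comp_xccdf" timestamp="2014-01-01T00:00:00"/>
  <ds:component id="scap_org.example_comp_oval" timestamp="2014-01-01T00:00:00"/>
</ds:data-stream-collection>
"""

def inspect_sds(xml_text):
    """Return {data-stream id: [(section, ref id, target id, resolved?)]}."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}data-stream-collection" % NS["ds"]:
        raise ValueError("root element is not data-stream-collection")
    streams = root.findall("ds:data-stream", NS)
    if not streams:
        raise ValueError("collection contains no data-stream element")
    components = {c.get("id") for c in root.findall("ds:component", NS)}
    report = {}
    for stream in streams:
        rows = []
        for section in stream:  # e.g. dictionaries / checklists / checks
            name = section.tag.split("}", 1)[-1]
            for ref in section.findall("ds:component-ref", NS):
                target = ref.get(HREF, "").lstrip("#")
                rows.append((name, ref.get("id"), target, target in components))
        report[stream.get("id")] = rows
    return report

if __name__ == "__main__":
    for sid, rows in inspect_sds(SAMPLE_SDS).items():
        print(sid, *rows, sep="\n  ")
```

A reference flagged as unresolved (the constructed `..._comp_missing` target here) means the stream points at check content that is not in the file.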
4. National Checklist Program (NCP)
• See NIST Special Publication 800-70 Rev. 2
• Frequently Asked Questions: General Information
>> http://web.nvd.nist.gov/view/ncp/information
5. Security Configuration Checklist
• Also called lockdown, hardening guide, benchmark, security technical
implementation guide (STIG).
• Series of instructions for configuring a product to a particular
operational environment.
• Can comprise templates, automated scripts, patches or patch
descriptions, XML files, and other procedures.
6. NIST maintains the National Checklist Repository.
http://checklists.nist.gov/
7. Selecting checklists?
• Checklist users should carefully consider the degree of automation
and the source of each checklist.
• NIST defined 4 tiers of checklists to assist users.
• Tier 1 checklists are prose-based, with narrative descriptions of how a
person can manually alter a product’s configuration.
• Tier 4 checklists have all security settings documented in
machine-readable, standardized Security Content Automation Protocol (SCAP)
formats, … (see SP 800-70 Rev. 2).