
Jun 17

NIST, DHS push security automation to the next stage

From: GCN

By William Jackson

An emerging area in network security is automation, using various tools to monitor systems and network traffic for signs of trouble. Automation can handle tasks that otherwise would have to be done by IT staff members, who are then freed up for other tasks.

 


The federal government is supporting automation by developing the standards that are necessary for automation tools to work together and offering intrusion detection and prevention as a service to agencies.

SCAP

The government is working to create a standards-based security environment through the Security Content Automation Protocol (SCAP), a suite of interoperable specifications developed at the National Institute of Standards and Technology in collaboration with the public- and private-sector security community.

Although NIST’s agenda for security automation goes beyond vulnerability management, SCAP in its present form, Version 1.2, deals primarily with endpoint compliance for configuration requirements. The specifications, contained in Special Publication 800-126, support automated configuration, vulnerability and patch checking, technical control compliance and security measurement.

“In the U.S. government it has been a challenge to implement configuration management,” said NIST’s Dave Waltermire, SCAP architect. “There is often a tension between allocating resources to manage systems and developing configuration management policies, procedures and baselines.”

The SCAP specifications provide the building blocks for vendors to create standards-based tools that can work and communicate with each other in automating these processes. They create a common format for developing and enforcing baselines and producing standardized results. This requires common methods of expressing information about hardware, software and vulnerabilities.

SCAP Version 1.2 includes 11 component specifications in five categories:

  • Languages for expressing security policy, technical check mechanisms and assessment results, including Extensible Configuration Checklist Description Format, Open Vulnerability and Assessment Language and Open Checklist Interactive Language.
  • Reporting formats to express collected information, including Asset Reporting Format and Asset Identification. Although Asset Identification is not explicitly a reporting format, SCAP uses it in identifying the assets.
  • Enumerations, standard nomenclatures and an official dictionary of items expressed using that nomenclature, including Common Platform Enumeration, Common Configuration Enumeration and Common Vulnerabilities and Exposures.
  • Measurement and scoring systems for evaluating severity of a security weakness, including Common Vulnerability Scoring System and Common Configuration Scoring System.
  • Integrity of SCAP content and results, covered by the Trust Model for Security Automation Data.
