ScienceDaily (16 March 2011) increasingly difficult to keep track of all vulnerabilities present complex in today's operating systems and applications. Attackers look for all the time, to exploit these vulnerabilities to take the identity fraud, plagiarism and other. National Institute of standards and technology (NIST) has released two publications updated to help organizations find and manage vulnerabilities more effectively, by standardizing the vulnerabilities identified, prioritized, and they are reported.
The security departments of computer work behind the scenes in all government ministries and other organizations to secure computers and networks. Valuable tools for software security automation is that of the NIST security content automation protocol (SCAP). SCAP-based software can be used to automatically check for individual computers to see if they have any known vulnerabilities, and if they have the appropriate security settings instead of corrections. Security issues can be identified quickly and accurately, allowing them to resolve before hackers can exploit them.
The first publication, the technical specification for the security content automation protocol (SCAP) version 1.1 (NIST Special publication (SP) 800-126 last 1) refines the requirements of the Protocol SCAP version 1.0. SCAP is a suite of specifications for standardizing the format and terminology that relate to security software to evaluate software flaws, security and software configurations.
SP 800-126 Rev. 1 tightens the requirements and specifications of individual suite to support the functionality of the SCAP and ensure interoperability between SCAP tools. It also adds a new specification-open checklist interactive language (OCIL)-which allows security professionals to collect information that is not accessible by means of automatic. For example, you can use OCIL ask users about security awareness training, or prompts the administrator to review security settings is available only through a proprietary graphical user interface. In addition, SCAP 1.1 reader for version 8.0 of the open vulnerability and assessment language (Oval).
NIST and others provide a publicly accessible stores of information security and standard security configurations, you can download templates SCAP and used by the Protocol SCAP compatible tools. For example, NIST national vulnerability database (NVD) provides a unique identifier for each vulnerability reported software, analysis of potential damage, specifies risk. NVD grew in 2002 about 6,000 drawings 46,000 in early 2011. It is updated daily.
The second document, a guide to using the vulnerability naming scheme (Special Edition publication 800-53-1), provides recommendations for naming schemes used by SCAP. Before these were standard, various organizations vulnerabilities in different ways, which created confusion. These naming schemes "may be a better synthesis of information about vulnerabilities in software," explained co-author David Waltermire, minimizes confusion and can lead to faster security patches. Common vulnerabilities and exposures (CVE) identification of defects in the software; A common configuration enumeration (CCE) is the configuration problems.
SP 800-68 Rev. 1 provides an introduction to the two naming schemes, recommends their use. It also offers some of the providers of software and services you need to use the names of the vulnerability and naming their products, service offerings.
These new publications can be downloaded from NIST. Technical specification for the security content automation protocol (SCAP) version 1.1 (NIST Special Publication 800-126 last 1) can be found on http://csrc.nist.gov/publications/nistpubs/800-126-rev1/SP800-126r1.pdf. You can find the vulnerability naming scheme (Special Edition publication 800-53-1) in http://csrc.nist.gov/publications/nistpubs/800-51-rev1/SP800-51rev1.pdf.
Email or share this story:
The source of the story:
The above story printed (with writers adaptations by a teamdaily science) from materials that can be by the National Institute of standards technology (NIST).
Note: If no source is cited, instead.
Disclaimer: hdioth in this article do not necessarily reflect those of his team or ScienceDaily.
