Cyber Security Institute
§ Current Worries
Top 3 Worries
- Regulations
- Old Firewall Configurations
- Security Awareness
§ Listening
For the best information
- The underground
- Audible
- Executive Excellence
- Music (to keep me sane)
§ Watching
For early warnings
- 150 Security Websites
- AP Newsfeeds
- Vendors
Tuesday, May 22, 2007
NIST releases FISMA security control tools
The National Institute of Standards and Technology has released a suite of tools to help automate vulnerability management and evaluate compliance with federal IT security requirements. It is an automated checklist that using a collection of recognized standards for naming software flaws and configuration problems in specific products.
The Security Content Automation Protocol is an expansion of the National Vulnerability Database. SCAP is intended to help make the step from FISMA compliance to
operational IT security.
FISMA is a very thorough and comprehensive framework for security computers, said Peter Mell, NVD program manager. But it doesnt deal with diving down at low level configurations and settings where vulnerabilities are exploited.