CSRC > Archive > ASSET
This project has been archived and is provided for historical purposes.

Automated Security Self-Evaluation Tool (ASSET) header image

General Description of the Automated Security Self-Evaluation Tool (ASSET)

The purpose of ASSET is to automate the completion of the questionnaire contained in NIST Special Publication 800-26, "Security Self-Assessment Guide for Information Technology Systems."

As described in NIST Special Publication 800-26, the results of the questionnaire provide a "method of evaluating the security of a particular system or group of systems." Through interpretation of the questionnaire results, users are able to assess the information technology (IT) security posture for any number of systems within their organization and, in particular, assess the status of the organization's security program plan.

ASSET consists of two tools -- The ASSET-System and the ASSET-Manager. Within ASSET-System, the questionnaire is presented in a progressive format, allowing users to move backward and forward in the questionnaire at their discretion. The ASSET-Manager provides the ability to sort and summarize the questionnaire results for all systems assessed and to display the results through several formatted reports or through an export capability.

ASSET-System allows users to return to the assessment of a particular system, by saving the prior status of the assessment. Once the assessment is completed, a user can locally generate summary reports of individual systems giving an immediate picture of the assessment results.

Both ASSET-System and the ASSET-Manager are developed and designed to meet the GSA Section 508 accessibility standards, as is required by law.

ASSET Reports

The ASSET-System provides the capability to generate four reports, however the tool has the functionality to export any report in a text, comma-delimited format so that the fields can be used in any spreadsheet or application. The four reports are:

  • Summary of Topic Areas by Level of Effectiveness
  • List of Non-Applicable Questions
  • List of Risk Based Decisions
  • System Summary

The ASSET-Manager also provides the capability to generate four reports and has the same export functionality as the ASSET. The four reports are:

  • Summary of All Systems
  • List of Systems by Type
  • List By Systems Sensitivity
  • Summary by Organization

ASSET Specifications

The deployment platform for version 1.00 of ASSET-System and ASSET-Manager is a Win32 binary. The tools have been tested on a Windows 2000 Professional SP2 platform with the Java 2 Standard Edition Runtime Environment and the Microsoft SQL Server Desktop Engine version 1.0.

The minimum system requirements for installing the two tools are:

Hardware: Pentium II -266 MHz processor
Operating System: Windows 2000 Professional, Windows NT
Memory Requirements: 120 MB free space

Contact Information

For questions about the tool, please send an e-mail message to asset at nist dot gov.      **Note: substitute the at with @ and dot with .


Last updated: September 27, 2007
Page created: March 24, 2002