Publications
Further development of this draft has ceased (March 29, 2016).
Proposed Open Specifications for an Enterprise Remediation Automation Framework
Documentation
Topics
Date Published: February 2011
Comments Due:
Email Questions to:
Author(s)
David Waltermire (NIST), Christopher Johnson, Matthew Kerr, Matthew Wojcik, John Wunder
Announcement
NIST announces the public comment release of the draft NIST Interagency Report (NISTIR) 7670, Proposed Open Specifications for an Enterprise Remediation Automation Framework. This report examines technical use cases for enterprise remediation, identifies high-level requirements for these use cases, and proposes a set of emerging specifications that satisfy those requirements.
The success of SCAP in automated system assessment has fostered research related to the development of similar open specifications in support of enterprise remediation. Enterprise remediation is focused on delivering capabilities that allow organizations to identify, describe and implement desired system changes across the enterprise. Remediation actions can include changes to the configuration of an operating system or application, installation of a software patch, or the installation or removal of applications and libraries. This report examines technical use cases for enterprise remediation, identifies high-level requirements for these use cases, and proposes a set of emerging specifications that satisfy those requirements. This report is a product of ongoing collaboration between the National Institute of Standards and Technology (NIST), the US Department of Defense, and the MITRE Corporation. Participation from a broader community of interested parties is actively sought to help define, refine and mature proposed remediation standards.
The success of SCAP in automated system assessment has fostered research related to the development of similar open specifications in support of enterprise remediation. Enterprise remediation is focused on delivering capabilities that allow organizations to identify, describe and implement desired...
See full abstract
The success of SCAP in automated system assessment has fostered research related to the development of similar open specifications in support of enterprise remediation. Enterprise remediation is focused on delivering capabilities that allow organizations to identify, describe and implement desired system changes across the enterprise. Remediation actions can include changes to the configuration of an operating system or application, installation of a software patch, or the installation or removal of applications and libraries. This report examines technical use cases for enterprise remediation, identifies high-level requirements for these use cases, and proposes a set of emerging specifications that satisfy those requirements. This report is a product of ongoing collaboration between the National Institute of Standards and Technology (NIST), the US Department of Defense, and the MITRE Corporation. Participation from a broader community of interested parties is actively sought to help define, refine and mature proposed remediation standards.
Hide full abstract
Keywords
security automation; Security Content Automation Protocol; SCAP; enterprise security
Control Families
Audit and Accountability; Configuration Management; Incident Response
