Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NISTIR 7800 (DRAFT)

Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains

Date Published: January 2012
Comments Due: February 17, 2012 (public comment period is CLOSED)
Email Questions to: fe-comments@nist.gov

Author(s)

David Waltermire (NIST), Adam Halbardier, Adam Humenansky, Peter Mell (NIST)

Announcement

NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7800, Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains. This publication binds together the Continuous Monitoring workflows and capabilities described in NIST IR 7799 to specific data domains. It focuses on the Asset Management, Configuration and Vulnerability data domains. It leverages the Security Content Automation Protocol (SCAP) version 1.2 for configuration and vulnerability scan content, and it dictates reporting results in an SCAP-compliant format. This specification describes an overview of the approach to each of the three domains, how they bind to specific communication protocols, and how those protocols interact. It then defines the specific requirements levied upon the various capabilities of the subsystems defined in NIST IR 7799 that enable each data domain.

Abstract

Keywords

continuous monitoring; vulnerability management
Control Families

Audit and Accountability; Security Assessment and Authorization; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection;