Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center


Specification for the Asset Summary Reporting Format 1.0

Date Published: May 2012
Comments Due: June 6, 2012 (public comment period is CLOSED)
Email Questions to:


Mark Davidson (MITRE), Adam Halbardier (BAH), David Waltermire (NIST)


NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7848, Specification for the Asset Summary Reporting Format 1.0. NISTIR 7848 defines the Asset Summary Reporting (ASR) format version 1.0, a data model for expressing the data exchange format of summary information relative to one or more metrics. ASR reduces the bandwidth requirement to report information about assets in the aggregate since it allows for reporting aggregates relative to metrics, as opposed to reporting data about each individual asset, which can lead to a bloated data exchange. ASR is vendor neutral and leverages widely adopted, open specifications; it is flexible, and suited for a wide variety of reporting applications.



Asset Summary Reporting Format (ASR); continuous monitoring; information technology; security automation; Security Content Automation Protocol (SCAP); asset reporting; security metrics
Control Families

Audit and Accountability; Security Assessment and Authorization; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection;


Draft NISTIR 7848

Supplemental Material:
None available


Security and Privacy
asset management; security automation;

Laws and Regulations
Federal Information Security Modernization Act;