Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NISTIR 7848 (DRAFT)

Specification for the Asset Summary Reporting Format 1.0

Date Published: May 2012
Comments Due: June 6, 2012 (public comment period is CLOSED)
Email Questions to: asr-comments@nist.gov

Author(s)

Mark Davidson (MITRE), Adam Halbardier (BAH), David Waltermire (NIST)

Announcement

NIST announces the public comment release of Draft NIST Interagency Report (NISTIR) 7848, Specification for the Asset Summary Reporting Format 1.0. NISTIR 7848 defines the Asset Summary Reporting (ASR) format version 1.0, a data model for expressing the data exchange format of summary information relative to one or more metrics. ASR reduces the bandwidth requirement to report information about assets in the aggregate since it allows for reporting aggregates relative to metrics, as opposed to reporting data about each individual asset, which can lead to a bloated data exchange. ASR is vendor neutral and leverages widely adopted, open specifications; it is flexible, and suited for a wide variety of reporting applications.

Abstract

Keywords

Asset Summary Reporting Format (ASR); continuous monitoring; information technology; security automation; Security Content Automation Protocol (SCAP); asset reporting; security metrics
Control Families

Audit and Accountability; Security Assessment and Authorization; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection;

Documentation

Publication:
Draft NISTIR 7848

Supplemental Material:
None available