Computer Security Resource Center

NISTIR 8011 Vol. 3 (Draft)

Automation Support for Security Control Assessments: Software Asset Management

Date Published: April 2018
Comments Due: May 4, 2018 (public comment period is CLOSED)

Kelley Dempsey (NIST), Nedim Goren (NIST), Paul Eavy (DHS), George Moore (APL)



actual state; assessment; assessment boundary; assessment method; authorization boundary; automated assessment; automation; capability; continuous diagnostics and mitigation; dashboard; defect; defect check; desired state specification; software asset management; information security continuous monitoring; firmware; ISCM dashboard; inventory management; malware; malicious code; mobile code; mitigation; ongoing assessment; root cause analysis; security automation; security capability; security control; security control assessment; security control item; software executable; SWID tag; software injection; software product; software whitelisting.
Control Families

Security Assessment and Authorization; Risk Assessment


Draft NISTIR 8011 Vol. 3

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8011 Vol. 1
NISTIR 8011 Vol. 2

Related NIST Publications:
SP 800-53A Rev. 4
SP 800-53 Rev. 4

Document History:
04/05/18: NISTIR 8011 Vol. 3 (Draft)
12/06/18: NISTIR 8011 Vol. 3 (Final)