Computer Security Resource Center

NISTIR 8011 Vol. 4 (Draft)

Automation Support for Security Control Assessments: Software Vulnerability Management

Date Published: November 2019
Comments Due: December 20, 2019 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov

Author(s)

Kelley Dempsey (NIST), Eduardo Takamura (NIST), Paul Eavy (DHS), George Moore

Abstract

Keywords

actual state; assessment; authorization boundary; automation; capability; Common Vulnerability and Exposure (CVE); Common Weakness Enumeration (CWE); dashboard; defect; desired state specification; dynamic code analyzer; Information Security Continuous Monitoring (ISCM); malicious code; malware; mitigation; ongoing assessment; patch management; root cause analysis; security capability; security control item; security control; software file; Software Identification (SWID) tag; software injection; software product; software vulnerability; software weakness; software; static code analyzer

Control Families

None selected

Documentation

Publication:
NISTIR 8011 Vol. 4 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
11/20/19: NISTIR 8011 Vol. 4 (Draft)
04/28/20: NISTIR 8011 Vol. 4 (Final)