NISTIR 8011 Vol. 4

Automation Support for Security Control Assessments: Software Vulnerability Management

Date Published: April 2020

Author(s)

Kelley Dempsey (NIST), Eduardo Takamura (NIST), Paul Eavy (DHS), George Moore

Abstract

Keywords

actual state; assessment; authorization boundary; automation; capability; Common Vulnerability and Exposure (CVE); Common Weakness Enumeration (CWE); dashboard; defect; desired state specification; dynamic code analyzer; Information Security Continuous Monitoring (ISCM); malicious code; malware; mitigation; ongoing assessment; patch management; root cause analysis; security capability; security control item; security control; software file; Software Identification (SWID) tag; software injection; software product; software vulnerability; software weakness; software; static code analyzer

Control Families

None selected

Documentation

Publication:
NISTIR 8011 Vol. 4 (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8011 Vol. 1
NISTIR 8011 Vol. 2
NISTIR 8011 Vol. 3

Document History:
11/20/19: NISTIR 8011 Vol. 4 (Draft)
04/28/20: NISTIR 8011 Vol. 4 (Final)