The technical specification for the security content automation protocol (SCAP) version 1.3

Waltermire, David; Quinn, Stephen; Booth, Harold; Scarfone, Karen; Prisaca, Dragos

doi:10.6028/nist.sp.800-126r3

Cited by 22 publications

(25 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The latter validates the usability of XACML in distributed systems, underlining some limitations such as the need for a high granularity of sub-policies and the difficulty of maintaining an encoded security policy. The languages and formats introduced by SCAP protocol constitutes also an interesting support, as they cover many complementary specifications, such as vulnerability descriptions and scorings, that are exploitable for automating security in distributed cloud [18]. These standards are usable in our solution.…”

Section: Related Workmentioning

confidence: 98%

Towards a Software-Defined Security Framework for Supporting Distributed Cloud

Compastié

Badonnel

Festor

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Cloud computing provides new facilities for building elaborated services hosted through various infrastructures over the Internet. In the meantime, these ones pose new important challenges in terms of security due to their intrinsic nature. We propose in this paper to detail a software-defined security framework supporting the protection of these services, in the context of distributed cloud. These ones require security mechanisms able to cope with their multi-tenancy and multi-cloud properties. The foundations of this framework rely on the software-defined logic to express and propagate security policies to the considered cloud resources, and on the autonomic paradigm to dynamically configure and adjust these mechanisms to distributed cloud constraints. In particular, we describe the main components and protocols of this software-defined security framework, evaluate this one and discuss implementation considerations, through the analysis of different realistic scenarios.

show abstract

Section: Related Workmentioning

confidence: 98%

Towards a Software-Defined Security Framework for Supporting Distributed Cloud

Compastié

Badonnel

Festor

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The developed model is used to implement the logical inference for countermeasure generation. The paper [30] deals with the construction of a common ontology for the SCAP protocol [40]. The SCAP protocol includes the following types of security data: vulnerabilities [6], configurations [3], software and hardware [4], etc.…”

Section: Security Sources and Related Workmentioning

confidence: 99%

An Ontology-based Storage of Security Information

Kotenko

Fedorchenko

Doynikova

et al. 2018

ITC

View full text Add to dashboard Cite

The paper suggests an ontology-based approach for design of security data storage. It analyzes heterogeneous security information for construction of the security storage and the statistics of links between various security data sources. The suggested ontological model of the data storage allows connecting both heterogeneous security data and security data of the same type from various sources. The main features the ontological model, its key elements and links between them are described in details. In addition, the authors introduce the developed prototype of the ontological data storage and provide examples of its usage for security evaluation.

show abstract

“…Since this initial version, there have been three SCAP v1 revisions. The current revision, SCAP 1.3, was released in February 2018 as NIST Special Publication (SP) 800-126 Revision 3 [2]. Over its lifetime, a few critical gaps have been identified in SCAP v1 that need to be addressed to provide a more robust solution:…”

Section: Gaps In Scap V1mentioning

confidence: 99%

Transitioning to the Security Content Automation Protocol (SCAP) Version 2

Waltermire¹,

Fitzgerald-McKay²

2018

Self Cite

View full text Add to dashboard Cite

The Security Content Automation Protocol (SCAP) version 2 (v2) automates endpoint posture information collection and the incorporation of that information into network defense capabilities using standardized protocols. SCAP v2 expands the endpoint types supported by SCAP v1 through the explicit inclusion of network equipment, Internet of Things (IoT), and mobile devices in its scope. To automate self-reporting of posture information from endpoint machines, SCAP v2 will integrate with existing network management protocols that include the Internet Engineering Task Force (IETF) Network Endpoint Assessment (NEA) protocols. SCAP v2 will streamline SCAP content acquisition and reuse through its use of the IETF Resource Oriented Lightweight Information Exchange (ROLIE) protocol. Improvements to software version identification and the incorporation of patch information will be made by transitioning from the Common Platform Enumeration (CPE) to Software Identification (SWID) Tags. SCAP v2 provides component-level interoperability via a modular and extensible architecture. This white paper provides a gap analysis of SCAP v1 and an overview of how SCAP v2 will address these gaps; describes the SCAP 2.0 architecture; and provides a plan for completing the work necessary to finalize SCAP v2.

show abstract

The technical specification for the security content automation protocol (SCAP) version 1.3

Cited by 22 publications

References 0 publications

Towards a Software-Defined Security Framework for Supporting Distributed Cloud

Towards a Software-Defined Security Framework for Supporting Distributed Cloud

An Ontology-based Storage of Security Information

Transitioning to the Security Content Automation Protocol (SCAP) Version 2

Contact Info

Product

Resources

About