Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Government releases specs for security checklists

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Government releases specs for security checklists
Date: Thu, 27 Jan 2005 01:26:18 -0600 (CST) 
http://www.gcn.com/vol1_no1/daily-updates/34910-1.html

By Dawn S. Onley 
GCN Staff
01/26/05 

The National Institute of Standards and Technology and the National
Security Agency have released a specification to standardize IT
security checklists.

NIST and NSA collaborated with representatives from industry to
develop the Extensible Configuration Checklist Description Format
(XCCDF) [1] as a way to provide a uniform format for security
checklists, benchmarks and other configuration guidance.

In their document, NIST and NSA noted that the use of such checklists
"can markedly reduce the vulnerability exposure of an organization."  
By developing a single format for use in government, there is the
added benefit that agencies can easily share checklist information,
NIST and NSA said.

The Cyber-Security R&D Act of 2002 directed NIST to create and
maintain a checklist of settings and option selections that will
minimize security risks for hardware and software used within the
federal government.

"A uniform and widely used format for security benchmarks, checklists
and related documents will help to improve security of government and
private IT installations by enabling more timely and effective
knowledge sharing and by fostering automated security testing and
monitoring," according to an NSA statement.

[1] http://csrc.nist.gov/checklists/docs/xccdf-spec-1.0.pdf



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Government releases specs for security checklists, InfoSec News <=
Previous by Date:  [ISN] The United States' battle to secure cyberspace, InfoSec News
Next by Date:  [ISN] US to tighten nuclear cyber security, InfoSec News
Previous by Thread:  [ISN] The United States' battle to secure cyberspace, InfoSec News
Next by Thread:  [ISN] US to tighten nuclear cyber security, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]