- Sponsored by:
Home 
Reports
Information Technology
Content
XML-based language formats checklists for IT security
next article
27.01.2005
To make it easier to measure the security of an information technology product or system, researchers at the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have developed a common specification language--Extensible Configuration Checklist Description Format (XCCDF)--for writing security checklists and related documents.
Increasingly, computers and other information technology products are vulnerable to multiple threats including viruses, worms and identity or information theft. One basic, yet effective, security tool is the security configuration checklist--a series of instructions for configuring an information technology (IT) product to a baseline or benchmark level of security. Configuring a system into conformance with a benchmark or other security specification is a time-consuming and very technical task. Automated tools are available to help system administrators determine a system’s conformance and recommend corrective measures. However, most of these tools are designed for a particular IT product or system.
XCCDF is an XML-based format that is flexible, vendor-neutral and suited for a wide variety of checklist applications including measuring conformance of an IT system to security benchmarks and generating a record of a benchmark test. (XML is a language--analogous to the HTML codes used to format web pages--that describes information in a standard way to allow computers to exchange information and act on it.)
"XCCDF’s common format will help security professionals, vendors and system auditors to more quickly exchange information and improve automation of security testing and configuration checking," said John Wack, a researcher in NIST’s Computer Security Division.
The XCCDF specification document, Specification for the Extensible Configuration Checklist Description Format (XCCDF) (NISTIR 7188), is available at http://csrc.nist.gov/checklists/. NIST, in conjunction with the Department of Homeland Security, NSA, and other organizations, is developing computer security checklists for many IT products widely used by government agencies.
Jan Kosko | Source: EurekAlert!
Further information: csrc.nist.gov/checklists/
www.nist.gov
next article
More articles from 
Information Technology:
Innovative search for world’s biggest physics laboratory
08.10.2008 | Fraunhofer-Institut fuer Graphische Datenverarbeitung IGD
World’s biggest computing grid launched
07.10.2008 | DOE/Brookhaven National Laboratory
Top
Send this article
PrintAdditional Sponsors | |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 | |
 |
 |
 |
 |
 | |
 |
 |
 | |
 |
 |
 |
 |
 |  |
 |
|
 |
 |
 |
 |
 |
 |
 | |
 |
 |
 | |
  | |
  | |
 |
 |
 |
 |
 | |
 |
 |
 | |
 | |
 | |
 |
|
 | |
 | |
 | |
 | |
 | |
B2B Search
Company / Organisation
Latest News
Scientists find new insight into genome of neglected malaria parasite
10.10.2008 | Life Sciences
Hodgkin lymphoma -- new characteristics discovered
10.10.2008 | Life Sciences
Digital zebrafish embryo provides the first complete developmental blueprint of a vertebrate
10.10.2008 | Life Sciences
Home 
About us 
Partner 
Contact 
Sitemap 
find and help 
Deutsch
Disclaimer
2000-2008 by innovations-report