XML-based Language Formats Checklists for IT Security

Printer-friendlyE-mail this news to a friendYour comment

To make it easier to measure the security of an information technology product or system, researchers at the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have developed a common specification language - Extensible Configuration Checklist Description Format (XCCDF) - for writing security checklists and related documents.

Increasingly, computers and other information technology products are vulnerable to multiple threats including viruses, worms and identity or information theft. One basic, yet effective, security tool is the security configuration checklist - a series of instructions for configuring an information technology (IT) product to a baseline or benchmark level of security. Configuring a system into conformance with a benchmark or other security specification is a time-consuming and very technical task. Automated tools are available to help system administrators determine a system's conformance and recommend corrective measures. However, most of these tools are designed for a particular IT product or system.

XCCDF is an XML-based format that is flexible, vendor-neutral and suited for a wide variety of checklist applications including measuring conformance of an IT system to security benchmarks and generating a record of a benchmark test. (XML is a language - analogous to the HTML codes used to format web pages - that describes information in a standard way to allow computers to exchange information and act on it.)

"XCCDF's common format will help security professionals, vendors and system auditors to more quickly exchange information and improve automation of security testing and configuration checking," said John Wack, a researcher in NIST's Computer Security Division.

The XCCDF specification document, Specification for the Extensible Configuration Checklist Description Format (XCCDF) (NISTIR 7188), is available at http://csrc.nist.gov/checklists/. NIST, in conjunction with the Department of Homeland Security, NSA, and other organizations, is developing computer security checklists for many IT products widely used by government agencies.

27.01.2005, National Institute of Standards and Technology (NIST)




Comments on this news 


Write your comment on this news

Subscribe to the newsletter

Never miss a story and stay informed with our newsletter.
Your email:  
RSS-Feed: All current newsOur News on your website

More current news

VASCO gives an answer to security concerns when deploying Software as a Service (SaaS)
Making penetration testing work
Double trouble, as new Facebook worm targets Google Reader
Wipro and Fortify Software Form Partnership to Assure the Security of Client Software Worldwide
VASCO launches PKI-based authentication solution

News on other topics

SharePartXXL has released Version 2.0 of the Taxonomy Extension for WSS/MOSS
RTL, VOX and SUPER RTL operate communication portals with CONTENS
Finally: A professional Open Source Digital Asset Management (DAM)
Pentland selects FirstSpirit for global web content management
ContentServ has successfully extended its International Partner Network in 2008

Nachtclubs
© 1999-2008 FEiG & PARTNER | Disclaimer
The Content Management PortalThe Document Management PortalThe IT Security PortalThe Customer Relationship Management PortalThe E-Commerce PortalThe Enterprise Resource Planning PortalPortal on VoIP and mobile communication The directory of Clinic IT SolutionsThe directory for IT professionals
homeimprintprivacy policycontactadvertising

know how
virus, malware & spam
topics & trends
case studies
security culture
roundtables
it law
compliance & governance
studies & market
data security
safety engineering
mobile security
industrial security
risk management
biometric
exhibitions
firewall & vpn
content & web security
archive
search

news
current news
news archive
search
our news on your website

events
calendar

security alerts
security alerts
virus map

Quick search