Transformational vulnerability management through standards

CrossTalk

Volumn , Issue 5, 2005, Pages 12-15

  Martin, Robert A ^a  

^a MITRE CORPORATION   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMMON VULNERABILITIES AND EXPOSURES (CVE); DEPARTMENT OF DEFENSE (DOD); INFORMATION FLOWS; MANPOWER;

COMPUTER SOFTWARE; DATA COMMUNICATION SYSTEMS; LAWS AND LEGISLATION; MILITARY OPERATIONS; SOCIETIES AND INSTITUTIONS; STANDARDS; XML;

SECURITY OF DATA;

EID: 21244477111     PISSN: None     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (13)

1. Defense Information Systems Agency. "DISA IASSURE, Contract 2004, Task Order 232, Statement of Work for eEye Digital Security's Retina." Washington: DISA, 3 June 2004 〈www.ditco.disa.mil/public/discms/IASSURE/ 00232_00.doc〉.
2. Defense Information Systems Agency. "DISA IASSURE, Contract 2004, Task Order 254, Statement of Work for Citadel's Hercules." Washington: DISA, 24 Sept. 2004 〈www.ditco.disa.mil/public/discms/IASSURE/00254_00. doc〉.
3. The MITRE Corporation. "The Common Vulnerabilities and Exposures (CVE) Initiative." Bedford, MA: MITRE Corporation 〈http://cve.mitre. org〉.
4. The MITRE Corporation. "The Open Vulnerability and Assessment Language (OVAL) Initiative." Bedford, MA: MITRE Corporation 〈http://oval.mitre.org〉.
5. Fisher, Dennis. "Microsoft, Dell Snag Air Force Deal." eWeek 29 Nov. 2004 〈www.eweek.com/article2/ 0,1759,1731420,00.asp〉.
6. Department of Defense. "Information Assurance (IA) Implementation." DoD Instruction 8500.2, Section VIVM-1, Vulnerability Management, Mission Assurance Categories I, II, and III. Washington: DoD, 6 Feb. 2003: 64, 75, 84 〈www.dtic.mil/whs/directives/corres/html/85002.htm〉.
7. Ziring, Neal. "Specification for the Extensible Configuration Checklist Description Format (XCCDF)." Ed. John Wack. Washington: National Institute of Standards and Technolo gy, Jan. 2005 〈http://csrc.nist.gov/ checklists/docs/xccdf-spec-1.0.pdf〉.
8. Defense Information Systems Agency. DISA IAVA Process Handbook. Ver. 2.1. Washington, DC: DISA, 11 June 2002 〈www.tricare.osd.mil/contracting/ healthcare/solicitations/TDP/0000/00_Attachment_16.pdf〉.
9. Joint Task Force - Global Network Operations/NetDefense [DoD-CERT]. 25 Jan. 2005 〈www.cert.mil〉.
10. Beale, Jay. "Big O for Testing." Information Security Dec. 2004 〈http://infosecuritymag.techtarget. com/ss/0,295796,sid6_iss526_art1075, 00.html〉.
11. Federation of American Scientists. "Director of Central Intelligence Directives 6/3 Protecting Sensitive Compartmented Information Within Information Systems." Washington: FAS, 5 June 1999 〈www.fas.org/irp/ offdocs/DCID_6-3_20Policy.htm〉.
12. National Institute of Standards and Technology. "Federal Information Security Management Act of 2002. Title III - Information Security." E-Government Act (Public Law 107-347), Dec. 2002 〈http://csrc.nist.gov/ policies/FISMA-final.pdf〉.
13. The SANS Institute. "The Twenty Most Critical Internet Security Vulnerabilities - The Experts Con sensus." Ver. 5.0. Bethesda, MD: The SANS Institute, 8 Oct. 2004 〈www.sans.org/top20〉.