Making security measurable and manageable

Proceedings - IEEE Military Communications Conference MILCOM

Volumn , Issue , 2008, Pages

  Martin, Robert A ^a  

^a MITRE CORPORATION   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRITICAL ISSUES; EXCHANGE FORMATS;

KNOWLEDGE REPRESENTATION; REGULATORY COMPLIANCE;

MILITARY COMMUNICATIONS;

EID: 78650759690     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/MILCOM.2008.4753203     Document Type: Conference Paper

References (14)

1. Martin, R. A., "Transformational Vulnerability Management Through Standards", CrossTalk: The Journal of Defense Software Engineering, May, 2005, (www.stsc.hill.af.mil/crosstalk/2005/05/0505Martin.html)
2. "The Common Vulnerabilities and Exposures (CVE) Initiative", MITRE Corporation, (cve.mitre.org)
3. Ziring, N., Quinn, S., "The Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4.", National Institute of Standards and Technology, January 2008, (csrc.nist. gov/publications/nistir/ir7275r3/NISTIR-7275r3.pdf)
4. "The Open Vulnerability and Assessment Lanugage (OVAL) Initiative", MITRE Corporation, (oval. mitre.org)
5. Evans, K. S., "OMB Memorandum for Chief Information Officers and Chief Acquisition Officers: Ensuring New Acquisitions Include Common Security Configurations", 1 June, 2007.
6. "The Federal Desktop Core Configuration (FDCC) Effort", National Institute of Standards and Technology, (nvd.nist.gov/fdcc/index.cfm)
7. "The Common Platform Enumeration (CPE) Initiative", MITRE Corporation, (cpe.mitre.org)
8. "The Common Configuration Enumeration (CCE) Initiative", MITRE Corporation, (cce.mitre.org)
9. Evans, K. S., "OMB Memorandum for Chief Information Officers: Guidance on the Federal Desktop Core Config-uration (FDCC)", 22 August 2008.
10. DISA IASSURE contract 2004 Task Order 232 (www.ditco.disa.mil/public/ discms/IASSURE/00232-00.doc), Jun. 3, 2004.
11. DISA IASSURE contract 2004 Task Order 254, (www.ditco.disa.mil/public/ discms/IASSURE/00254-00.doc), Sep. 24, 2004.
12. DISA "Asset Configuration Compliance Module" RFI, Solicitation Number ACCMRFI, (www.fbo.gov), Aug. 5, 2008.
13. "The Common Weakness Enumeration (CWE) Initiative", MITRE Corporation, (cwe.mitre.org)
14. "The Common Attack Pattern Enumeration and Classification (CAPEC) Initiative", MITRE Corporation, (capec.mitre.org)