cee.mitre.org
Common Event Expression: CEE News — 2012 Archive
http://cee.mitre.org/news
CEE Website is in Archive status — read the announcement. News and Events Archive. Are active logging standardization efforts. We thank all members of the CEE Community for your work in developing and refining CEE throughout the years. Please send any inquiries about transition opportunities for CEE, or other comments or concerns, to cee@mitre.org. News and Events — 2012 Archive. September 12, 2012. CEE/Making Security Measurable Booth at. IT Security Automation Conference 2012. Visit the CEE Calendar.
altex-soft.com
ALTEX-SOFT
http://www.altex-soft.com/scap.htm
Security Content Automation Protocol (. Includes a number of open standards, supported by the international community of professionals in the field of information security. The latest version (version 1.2) SCAP consists of eleven components of the Protocol in five categories:. Languages SCAP will normalize dictionaries and expressions describing the security policy, mechanisms of monitoring and evaluation results. SCAP includes the following components:. OVAL , Open vulnerability and assessment language.
federalcybersecurity.org
Continuous Monitoring
http://www.federalcybersecurity.org/ContinuousMonitoring.html
CompTIA Security (Entry Level). FITSP CM Presentation w/Notes. FITSP CM Presentation Video Recording of iVLT, July 27, 2012. CM Guidance for Managers. SP 800-55 Performance Metrics. SP 800 -137 Continuous Monitoring Program. SCAP Protocol and Component Specifications. SP 800-117 Adoping and Using SCAP. SP 800 -126 Technical Guidance for SCAP. OVAL - Open Vulnerability Assessment Language. OCIL - Open Checklist Interactive Language. XCCDF - Extensible Configuration Checklist Description Format.
federalcybersecurity.org
ISCM Presentation
http://www.federalcybersecurity.org/fitspEnroll.html
CompTIA Security (Entry Level). 12TH ANNUAL MARINE CORPS CYBERSECURITY CONSORTIUM (MCCYC). Special 1 Hour Online Class - Live. September 19th, 2012 7pm - 8pm. Send Registration requests to. Alternatively, you may access a pre-recorded presentation, along with the notes via the links below. FITSP CM Presentation w/Notes. FITSP CM Presentation Video Recording. CM Guidance for Managers. SP 800-55 Performance Metrics. SP 800 -137 Continuous Monitoring Program. SCAP Protocol and Component Specifications.
benchmarkdevelopment.mitre.org
Benchmark Development: Standards and Tools
http://benchmarkdevelopment.mitre.org/standards_tools/stnds-tools.html
Resources for creating standards-based, structured, and automatable security guidance. IMPORTANT: This website is being maintained as an archive for the community. It is no longer being updated. How to Write a Good Benchmark. Example of a Good Benchmark. MITRE has developed extensive experience and expertise working with information security standards and security content management tools to create and manage security guidance. These are listed on the Recommended Standards. Mdash; an open standard that c...
stixproject.github.io
Data Model Documentation | STIX Project Documentation
http://stixproject.github.io/data-model
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. Construct serves as a wrapper for conveying a set of STIX content that may or may not be related in the same document. It can also be used to mark the content it includes, give it the same information source, or indicate that it complies to a set of profiles. Describes shared context around a group of STIX content that is related in some way. For example, a report may describe:. A whitepaper on how a threat actor uses a piece of malware. Component is u...
stixproject.github.io
STIX Whitepaper | STIX Project Documentation
http://stixproject.github.io/getting-started/whitepaper
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. Download a PDF Version. Of the white paper. Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX ). February 20, 2014. Version 1.1, Revision 1. STIX, TAXII, CybOX, MAEC, CAPEC, CVE, CWE and CCE are trademarks of The MITRE Corporation. Comments, questions, suggestions, and concerns are all appreciated. Conclusion and Future Work. A holistic understanding of the threat posed by the adversary enables ...
benchmarkdevelopment.mitre.org
Benchmark Development: All Resources
http://benchmarkdevelopment.mitre.org/standards_tools/resources.html
Resources for creating standards-based, structured, and automatable security guidance. IMPORTANT: This website is being maintained as an archive for the community. It is no longer being updated. How to Write a Good Benchmark. Example of a Good Benchmark. Extensible Configuration Checklist Description Format (XCCDF). Open Checklist Interactive Language (OCIL). Open Vulnerability and Assessment Language (OVAL). Enumerations Referenced by Benchmarks. Common Configuration Enumeration (CCE™). DISA Security Te...
benchmarkdevelopment.mitre.org
Benchmark Development: How to Write a Good Benchmark
http://benchmarkdevelopment.mitre.org/about/write.html
Resources for creating standards-based, structured, and automatable security guidance. IMPORTANT: This website is being maintained as an archive for the community. It is no longer being updated. How to Write a Good Benchmark. Example of a Good Benchmark. How to Write a Good Benchmark. 5 tips for writing benchmarks that are clear, concise, and unambiguous. The recommendation should be a directive using imperative voice. Do not use the words restrict or limit to ensure clarity. Use and/or reference industr...