Home > Articles > Security > General Security and Privacy

  • Print
  • + Share This
Like this article? We recommend

New Standards and Guidelines

There's a movement across government to standardize everything. This includes implementation of security controls where possible. The National Institute of Standards and Technology (NIST) has taken the lead in this effort through the Information Security Automation Program (ISAP), in cooperation with the Defense Information Systems Agency (DISA), the National Security Agency (NSA), and the Office of Secretary of Defense (OSD). The overall project is funded by the Department of Homeland Security (DHS).

One of the components of ISAP is the Security Content Automation Protocol (SCAP). The goal of SCAP is to develop standards for the automation of vulnerability management, measurement, and policy compliance checking. The operational infrastructure on which all of this relies is the National Vulnerability Database (NVD).

The NVD contains several resources that can be leveraged by government agencies to ease the implementation of standards and tracking of compliance:

I believe that this ISAP effort could lead to some changes in the security products industry. This could promote changes in how products are sold and structured.

  • + Share This
  • 🔖 Save To Your Account