For the past several years, The MITRE
Corporation has supported a government-sponsored System Security Analysis
project by producing XCCDF benchmarks. While the utility of benchmarks is
clear, their creation is often difficult and time consuming. The difficulties
begin in the security guidance phase with inconsistencies and ambiguities in
documenting security recommendations and supporting data, and they continue to
the automation phase in finding the configuration data needed to construct the
MITRE has developed experiential knowledge
and expertise in developing and managing standards-based security content, as
well as a suite of security content management tools that can help anyone
attempting to develop security guidance. We have packaged this all up in
a one-day course and we’d like to share it with the community.
Please contact me if you would be interested
in taking such a course later this summer.