Information Assurance

Among our most prominent efforts in the field of cybersecurity are CVE, OVAL, and related initiatives, which are fast becoming information assurance standards.

Overview

In the area of information assurance, we investigate security vulnerabilities in distributed information systems; develop architectures, systems, and techniques for providing protection from attack and exploitation; and test and evaluate existing tools for system protection.

Among our most prominent efforts in the field of cybersecurity are CVE, OVAL, and related initiatives, which are fast becoming information assurance standards. Together, they are part of a larger program known collectively as "Making Security Measurable." For example, the CVE (Common Vulnerabilities and Exposures) initiative is a list of more than 20,000 names industry experts have agreed to use in identifying vulnerabilities. CVE also is also being used as the basis for the National Vulnerability Database (NVD), developed by the U.S. National Institute of Standards and Technology. Our OVAL (Open Vulnerability and Assessment Language) project offers baseline standards that help determine the presence of vulnerabilities and configuration issues on computer systems. We are now leveraging the CVE and OVAL initiatives to help the Department of Defense (DoD) transform its enterprise incident and remediation management efforts. An associated effort, Common Malware Enumeration (CME), provides single, common identifiers to new virus threats and to the most prevalent emerging virus threats to reduce public confusion during malware incidents. CME is not an attempt to replace the vendor names used for viruses and other forms of malware, but rather to facilitate the adoption of a shared, neutral indexing capability for malware.

Other examples of MITRE technical solutions that benefit industry, academia, government, and the public include our work in data fusion and data mining. This work involves intrusion detection, vulnerability management, asset security management, and malware response threat analysis. Our research on the ELICIT (Exploit Latent Information to Counter Insider Threats) shows promise for assisting organizations in detecting malicious insider activity before it causes significant damage.

Related Information

Articles and News

• Share and Share Alike: Building an Information Interoperability Toolkit
• Digest Flashback: Targeting the 25 Most Dangerous Programming Errors
• MITRE's Cyber Security Operations Center Helps Sponsors Keep Networks Secure
• Private Eyes: Keeping Personal Information Safe
• Healthcare IT Standards to Bring Order to Medical Records
• Helping HUD Give Your Information a Safe Home
• Unlocking Medical Secrets While Safeguarding Patient Privacy
• Helping HUD Give Your Information a Safe Home

Technical Papers and Presentations

• Improving Cyber Security and Mission Assurance via Cyber Preparedness (Cyber Prep) Levels
• An Architecture of IA Processes
• A Secure, Structured, Distributed Caching System for Providing Availability of Mission-Critical Reference Data
• Information Interoperability and Provenance for Emergency Preparedness and Response
• PLUS: Synthesizing Privacy, Lineage, Uncertainty and Security
• Scalable Access Controls for Lineage
• An Architecture of IA Processes
• Selected MITRE Cyber-Related Research and Initiatives

Websites

• 2009 Innovation Exchange
• Common Vulnerabilities and Exposure (CVE)
• Open Vulnerability Assessment Language (OVAL)
• Making Security Measurable (MSM)

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.

Privacy Policy | Contact Us