About Us Our Work Employment News & Events
MITRE Remote Access for MITRE Staff and Partners Site Map
Our Work
Overview
Mission Areas
Systems Engineering
Information Technology
MITRE Research Program
MITRE Federal Employee Fellowship Program
Technology Transfer Office
Technical Papers

Follow Us:
Visit MITRE on Facebook
Visit MITRE on Twitter
Visit MITRE on Linkedin
Visit MITRE on YouTube
View MITRE's RSS Feeds
View MITRE's Mobile Apps
Home > Our Work > Technical Papers >

Transformational Vulnerability Management Through Standards

March 2005

Robert A. Martin, The MITRE Corporation

ABSTRACT

The Department of Defense's new enterprise licenses for vulnerability assessment and remediation tools [1,2] call for use of capabilities that conform to both the Common Vulnerabilities and Exposures (CVE) [3] and Open Vulnerability and Assessment Language (OVAL) [4] standards efforts, as does a new Air Force enterprise-wide software agreement with Microsoft [5]. These contracting activities are part of a larger transformation of the Department of Defense's (DoD's) management and measurement of the information assurance posture of their network-enabled systems with respect to vulnerabilities, configuration settings, and policy compliance. In combination with procedural changes, the adoption of these [6] and other standards, such as the National Security Agency's (NSA's) Extensible Markup Language (XML) Configuration Checklist Data Format (XCCDF) [7], are making it possible to radically improve the accuracy and timeliness of the DoD's remediation and measurement activities which are critical to ensuring the network and systems integrity of their network-centric warfare capabilities.

View/Download Document

Additional Search Keywords

N/A

 

Page last updated: April 13, 2005   |   Top of page

Homeland Security Center Center for Enterprise Modernization Command, Control, Communications and Intelligence Center Center for Advanced Aviation System Development

 
 
 

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
IDG's Computerworld Names MITRE a "Best Place to Work in IT" for Eighth Straight Year The Boston Globe Ranks MITRE Number 6 Top Place to Work Fast Company Names MITRE One of the "World's 50 Most Innovative Companies"
 

Privacy Policy | Contact Us