Standards-Based Automated Remediation: A Remediation Manager Reference Implementation
available formats: PDF | Mobi/Kindle | ePub
This report describes the Software Engineering Institute's work in calendar year 2010 for the National Security Agency Computer Network Defense Research and Technology Program Management Office to develop standards for remediation of vulnerabilities and compliance issues on Department of Defense (DoD) networked systems. The overall goals are to assist in the development of remediation standards, demonstrate the functionality DoD would like in a remediation manager, and increase efficiency and effectiveness of remediation by automating the remediation process.
The 2010 Remediation Manager reference implementation demonstrates the following potential applications of remediation and other security automation standards: (1) Ingest scan findings in Security Content Automation Protocol (SCAP) format, extracting host compliance issues (in Common Configuration Enumeration [CCE] format) and vulnerabilities (in Common Vulnerability Enumerations [CVE] format). (2) Map CCE and CVE to remediation actions (in Common Remediation Enumeration [CRE] format). (3) Build remediation tasks in Remediation Tasking Language (RTL), based on CRE. (4) Transmit remediation tasks to a Remediation Tool on a host system. (5) Receive remediation task execution status, in RTL Results Format, from the Remediation Tool. This report identifies capabilities considered for future versions of the reference implementation and the operational system as well as challenges for future work.
available formats: PDF | Mobi/Kindle | ePub
Related Reading
Standards-Based Automated Remediation: A Remediation Manager Reference Implementation, 2011 Update
This report is related to the following area(s) of work:
Acquisition SupportSecurity and Survivability
Special Report
CMU/SEI-2011-SR-007
July 2011
Cite This Report
SEI:
Chaki, Sagar; Creel, Rita; Davenport, Jeff; Kinney, Mike; McCormick, Benjamin; & Popeck, Mary. Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (CMU/SEI-2011-SR-007). Software Engineering Institute, Carnegie Mellon University, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11sr007.cfm
IEEE:
S. Chaki, R. Creel, J. Davenport, M. Kinney, B. McCormick, and M. Popeck, "Standards-Based Automated Remediation: A Remediation Manager Reference Implementation," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Special Report CMU/SEI-2011-SR-007, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11sr007.cfm
APA:
Chaki, S., Creel, R., Davenport, J., Kinney, M., McCormick, B., & Popeck, M. (2011). Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (CMU/SEI-2011-SR-007). Retrieved May 21, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/11sr007.cfm
CHI:
Chaki, Sagar, Rita Creel, Jeff Davenport, Mike Kinney, Benjamin McCormick, and Mary Popeck. Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (CMU/SEI-2011-SR-007). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11sr007.cfm
MLA:
Chaki, S., Creel, R., Davenport, J., Kinney, M., McCormick, B., & Popeck, M. 2011. Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (Technical Report CMU/SEI-2011-SR-007). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/11sr007.cfm
Find Us Here
Share This Page
For more information
