SAC BDC Materials
The downloads below are for MITRE’s "Benchmark Development Course" being held on October 26, 2009 as part of the 5th Annual IT Security Automation Conference at the Baltimore Convention Center in Baltimore, Maryland, USA. Conference registration: https://www.fbcinc.com/nist_autosec/atreg1.aspx.
Please send any comments or concerns to benchmark@mitre.org.
Downloads:
- DemoSetupInstructions.pdf (115 KB)
- Benchmark Development Course_SAC_win.zip (6.28 MB)
- Benchmark Development Course_SAC_non-win.zip (1.26 MB)
- Benchmark Development Course_SAC_Slides-Agenda.zip (33 MB)
Course Outline:
Each phase of the course is noted below along with links to the standards and tools that are referenced within each phase.
| Introduction | |
|---|---|
| Security Content Automation Protocol (SCAP) | |
| Phase 1 — Writing Good Guidance | |
| National Checklist Program | |
| Phase 2 — Augmenting Guidance | |
|
NIST Special Publication 800-53: Recommended Security Controls for Federal Information Systems
Common Configuration Enumeration (CCE™) |
|
| Phase 3 — Automating Assessment | |
| Open Vulnerability and Assessment Language (OVAL®) | |
| Phase 4 — Benchmark Structuring and Tailoring | |
|
Extensible Configuration Checklist Description Format (XCCDF) |
|
| Phase 5 — Managing Compliance | |
| XCCDF Content Automation Tool (XCAT) | |
| Conclusion | |
Page Last Updated: September 30, 2009