All Resources
We have collected this list of benchmark development resources for the benefit of the community. The list is intended to be a living document and may change over time. Please send any suggestions or comments on this information to benchmark@mitre.org.
Guidance Writing
Compliance Testing
- Open Checklist Interactive Language (OCIL)
- OCIL Interpreter
- Open Vulnerability and Assessment Language (OVAL®)
- OVAL Interpreter
- XCCDF Interpreter
Enumerations Referenced by Benchmarks
Other Standards
- Common Vulnerabilities and Exposures (CVE®)
- Common Attack Pattern Enumeration and Classification (CAPEC™)
- Common Weakness Enumeration (CWE™)
Software Tools
- Recommendation Tracker™
- Regmon — a Registry monitor
- FileMon — a file access monitor
- Port Mon — a serial and parallel port monitor
- Process Explorer — a process and thread monitor
Reference Documents
Security Guidance
- Center for Internet Security Benchmarks
- DISA Security Technical Implementation Guides (STIGS)
- NIST Security Configuration Guides
- NIST National Checklist Program Repository
Organizations
- Center for Internet Security
- Defense Information Systems Agency (DISA)
- National Institute of Standards and Technology (NIST)
Other
Page Last Updated: November 02, 2011