All Resources
We have collected this list of benchmark development resources for the benefit of the community. The list is intended to be a living document and may change over time. Please send any suggestions or comments on this information to benchmark@mitre.org.
Guidance Writing
Compliance Testing
- Open Checklist Interactive Language (OCIL)
- Open Vulnerability and Assessment Language (OVAL®)
- Interactive Schema Interpreter
Enumerations Referenced by Benchmarks
- Common Configuration Enumeration (CCE™)
- Common Platform Enumeration (CPE™)
- Common Vulnerability Scoring System (CVSS)
- Security Content Automation Protocol (SCAP)
Other Standards
Software Tools
- Recommendation Tracker™
- Benchmark Editor™
- Windows Investigator Tool
- XCCDF Content Automation Tool (XCAT)
- Process Monitor — a process and thread monitorv
- Regmon — a Registry monitor
- FileMon — a file access monitor
- Port Mon — a serial and parallel port monitor
- Process Explorer — a process and thread monitor
Reference Documents
Security Guidance
- Center for Internet Security Benchmarks
- DISA Security Technical Implementation Guides (STIGS)
- NSA Security Guides
- NIST Security Configuration Guides
- NIST National Checklist Program Repository
Organizations
- Center for Internet Security
- Defense Information Systems Agency (DISA)
- National Institute of Standards and Technology (NIST)
Other
Page Last Updated: August 4, 2009