Information Security Automation Program

The Information Security Automation Program (ISAP, pronounced “I Sap”) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. Although it is a U.S. government initiative, its standards-based design can benefit all information technology security operations. ISAP’s high-level goals include standards-based automation of security checking and remediation, as well as automation of technical compliance activities (e.g., FISMA). ISAP’s low-level objectives include enabling standards-based communication of vulnerability data, customizing and managing configuration baselines for various IT products, assessing information systems and reporting compliance status, using standard metrics to weight and aggregate potential vulnerability impact, and remediating identified vulnerabilities.

ISAP’s technical specifications are contained in the related Security Content Automation Protocol (SCAP). ISAP’s security automation content is either contained within, or referenced by, the National Vulnerability Database.

ISAP is being formalized through a trilateral memorandum of agreement (MOA) between the Defense Information Systems Agency (DISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST). The Office of the Secretary of Defense (OSD) also participates, and the Department of Homeland Security (DHS) funds the operational infrastructure on which ISAP relies (i.e., the National Vulnerability Database).

External links

* [http://nvd.nist.gov/scap.cfm Information Security Automation Program web site]
* [http://scap.nist.gov Security Content Automation Protocol web site]
* [http://nvd.nist.gov National Vulnerability Database web site]


Wikimedia Foundation. 2010.
