[ISN] Government releases specs for security checklists
isn at c4i.org
Thu Jan 27 02:26:18 EST 2005
By Dawn S. Onley
The National Institute of Standards and Technology and the National
Security Agency have released a specification to standardize IT
NIST and NSA collaborated with representatives from industry to
develop the Extensible Configuration Checklist Description Format
(XCCDF)  as a way to provide a uniform format for security
checklists, benchmarks and other configuration guidance.
In their document, NIST and NSA noted that the use of such checklists
"can markedly reduce the vulnerability exposure of an organization."
By developing a single format for use in government, there is the
added benefit that agencies can easily share checklist information,
NIST and NSA said.
The Cyber-Security R&D Act of 2002 directed NIST to create and
maintain a checklist of settings and option selections that will
minimize security risks for hardware and software used within the
"A uniform and widely used format for security benchmarks, checklists
and related documents will help to improve security of government and
private IT installations by enabling more timely and effective
knowledge sharing and by fostering automated security testing and
monitoring," according to an NSA statement.
More information about the ISN