NIST Interag e
(Second Draf t
Jointl y devel o
Department o
ency Report 7 7
)
oped with the
of Homeland S
56
Securit y 7
t
CAAESASARSS Fraaworkk mew
Exxtennsionn: Ann Enteerprrise
Coontinnuouus Moonitooringg
Teechnnical Ref eerennce MModeel
(SSecoo )) nd DDraft
Petter Mell, David WWalterm iire, Larr yy Feldmman,
e ng, Zac nd, and Harrold Bo ooth, Alfr ed Ouya hh Raglaa
Timmothy M ccBride
Reports on Computer Systems Technology
NIST Interagency Report 7756
(Second Draft) CAESARS Framework Extension: An
Enterprise Continuous Monitoring Technical
Reference Model (Second Draft)
Peter Mell, David Waltermire, Larry
Feldman, Harold Booth, Zach Ragland,
Alfred Ouyang, and Timothy McBride
C O M P U T E R S E C U R I T Y
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
January 2012
U.S. Department of Commerce
Secretary John E. Bryson
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary for Standards
and Technology and Director
NISTIR 7756, Second Draft – January 2012
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at th e National Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s
measurement and standards infrastructure. ITL devel ops tests, test methods, reference data, proof of
concept implementations, and technical analysis to advance the development and productive use of
information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guide lines for the cost-effective security and privacy of
sensitive unclassified information in Federal comput er systems. This Interagency Report discusses ITL’s
research, guidance, and outreach efforts in computer security and its collaborativ e activities with industry,
government, and academic organizations.
National Institute of Standards and Technology Interagency Report 7756
35 pages (Jan. 2012)
Certain commercial entities, equipment, or materials may be identified in this
document in order to describe an experimental procedure or concept adequately.
Such identification is not intended to imply recommendation or endorsement by the
National Institute of Standards and Technology, nor is it intended to imply that the
entities, materials, or equipment are necessa rily the best available for the purpose.
2
NISTIR 7756, Second Draft – January 2012
Acknowledgments
The authors would like to thank the original research team that developed the Department of Homeland
Security (DHS) Federal Network Security’s seminal work on continuous monitoring architectures. The
Continuous Asset Evaluation, Situational Aware ness, and Risk Scoring (CAESARS) architecture1,
created with MITRE support, formed the foundation of this work.
Also, we would like to recognize the following indi viduals for their participation on the continuous
monitoring research team, insightful ideas, and review of this work: Stephen Yo rk, Peter Sell, and David
Minge from the National Security Agency; Adam Halbardier, Adam Humenansky, Joe Debra, and Amit
Mannan from Booz Allen Hamilton; and Mark Crouter from MITRE.
Finally, we would like to thank the United St ates Chief Information Officer Council’s Information
Security and Identity Management Subcommittee (I SIMC) on Continuous Security Monitoring for its
leadership and direction as we created this publication. In particular we would like to thank the former
and current co-chairs2: Colonel Michael Jones from the US Ar my, John Streufert from Department of
State (DOS), Kevin Dulany from the O
Draft-NISTIR-7756_second-public-draft
安全标准 >
NIST >
文档预览
中文文档
35 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共35页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2022-12-05 09:17:10上传分享