Metrics are critical for continuous improvement, understanding where you sit in relation to where you need to be. Perhaps you've seen this before. I'm familiar with most of these projects, but this initiative in particular was new to me.
http://measurablesecurity.mitre.org/directory/areas/systemassessment.html
Nice list guys. Cross-posting here.
System Assessment
The narrative text description for this page is currently under development. Please check back later. In the meantime, standardization efforts in this area of cyber security include the following:
- Common Vulnerabilities and Exposures (CVE)
- Common Weakness Enumeration (CWE)
- Common Weakness Scoring System (CWSS)
- Common Weakness Risk Analysis Framework (CWRAF)
- Common Configuration Enumeration (CCE)
- Common Platform Enumeration (CPE)
- Open Vulnerability and Assessment Language (OVAL)
- Malware Attribute Enumeration and Characterization (MAEC)
- Common Vulnerability Scoring System (CVSS)
- Software Identification (SWID) Tags
- U.S. Federal Desktop Core Configuration (FDCC)
- United States Government Configuration Baseline (USGCB)
- U.S. Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIGs)
- Center for Internet Security (CIS) Benchmarks
- Security Content Automation Protocol (SCAP)