ASSET does not require Internet access. The application does not require network connectivity.

NIST no longer supports this tool. This tool is available for the non-federal agencies who wish to use it.

Because ASSET is an application much like an Excel spreadsheet, it does not require a security plan. The computer where ASSET is installed and its data processed should be covered in a larger general support system security plan.

The functionality of the questionnaire does not support merging portions of the same questionnaire into one questionnaire. The questionnaire must be saved as a file, e-mailed or hand-carried to the next person who answers the questions. The answers override any previous answers made to the same questions. A list is maintained on who has answered each question.

Extensible markup language (XML) is a standard format for transferring and storing data. ASSET uses this data format to transfer the data contained within the file you export to the ASSET database.

It depends. The functionality of the tool is fixed and cannot be modified. Assessments may be customized if there are certain questions that are common to more than one assessment. Standardized assessments can be created with the common questions answered. This 'standard' assessment can then be exported and emailed to users of ASSET - System. These users can then import this 'standard' assessment, change the system number and name, and continue answering the questions that are unique to the system being assessed.

The source code is available for download from this site.

Business rules are essential when aggregating the completed system assessments. These business rules are discussed in the ASSET User Manual. One business rule is that the effectiveness level for each question must be selected in ascending order, i.e., procedures (level 2) must be checked before implemented (level 3), etc. This business rule is one of the requirements contained in NIST Special Publication 800-26. The software only enforces this requirement.

Vulnerabilities exist in all software and are reported in a number of publicly accessible databases (i.e. http://icat.nist.gov). It is essential that all users of software recognize these vulnerabilities and apply any mitigating procedures or patches. NIST recognizes and has validated reports of the vulnerabilities inherent in all software, including MSDE. Since ASSET uses MSDE as its database engine, it was important to describe the mitigation process to all users of ASSET. The mitigation procedures that have been provided in the ASSET User Manual will establish a very high level of security for ASSET. Additionally, the MSDE mitigation procedures that NIST has provided are applicable to other products using MSDE as well.

ASSET was designed for compatibility with the Microsoft Windows NT family of operating systems (NT/2000/XP). Please download the instructions detailing the steps required to install NIST ASSET on Windows NT using the NIST ASSET installer.

NIST ASSET Windows NT Installation Instructions [pdf - 81.4 KB]

MSDE can be installed manually. Users of ASSET should follow these directions only if they have been directed to by ASSET support personnel.

Instructions on Manual Installation of MSDE [pdf - 101 KB]

Yes there are interoperability issues; please download the following document which provides guidance on how to resolve the interoperability issues.

ASSET & Microsoft Visio Interoperability [pdf - 191 KB]

Because the XML format used for transferring data files between ASSET System and Manager uses certain command characters in the XML language, using these specific characters in any text or comment field will not allow that file to be reimported into ASSET (it can be exported out of ASSET). These special characters include: &, <, >, and %. If you have already used these special characters in your assessment, simply return to the assessment and change the characters.

In this case the 1608 error is being caused by InstallShield. It encountered some particular setting on your operating system that it did not like. The first things to try are to go over this list of items and make sure you have done each one of them:

1. If you are on Windows 2000 Professional (Windows 2000 Server is not supported at this time), did you install service pack 2 or 3 before attempting to install ASSET?

Reason:
InstallShield is the program that installs ASSET onto your machine. This program interacts with a service called the Windows Installer that is present on every Windows 2000 machine. This service was updated in service pack 2 of Windows 2000 Professional. The ASSET installer should attempt to update the Windows Installer if it detects an older version.

If you are not running SP2 or SP3, you are welcome to attempt to update the installer manually. You can download the installer from this URL: (by clicking URL, you will be leaving NIST webserver and will be going to Mircosoft's website)

http://support.microsoft.com/?kbid=269732

2. Are you attempting this installation with the Administrator user account? Or as an account with administrative privileges?

Reason:
ASSET needs to perform certain actions during install. Because these actions access parts of your computer that are protected only someone with administrative privileges can perform them successfully. If you are not an administrator on your machine contact your local LAN administrator and ask them for help.

3. Each time the installation fails do you back out of the install as described in the ASSET user manual? Certain components are not covered by the normal uninstallation and must be verified/performed manually. You can obtain a PDF copy of the user manual at this URL: (note - manual is in .pdf format)

http://csrc.nist.gov/asset/nistir-6885-final.pdf

Try to verify these actions and if possible attempt the installation again.