SCAP Working Group and Workshops

Mission and Overview

NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).

Resource Status

NVD contains:

33023	CVE Vulnerabilities
130	Checklists
151	US-CERT Alerts
2270	US-CERT Vuln Notes
2097	OVAL Queries

Last updated: 10/07/08

CVE Publication rate:

15 vulnerabilities / day

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 9.51

About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

SCAP Working Group and Workshops 9/17/07, 9/18/07, 9/21/07

NOTE: YOU MUST REGISTER SEPARATELY FOR THE CONFERENCE. REGISTERING VIA EMAIL FOR THE WORKSHOP/WORKGROUP DOES NOT IMPLY REGISTRATION TO THE CONFERENCE.

During the week of the conference, we are hosting 3 SCAP related events that are not part of the conference and require separate registration. As part of your registration email for these non-conference events (see below for details) you will be required to provide the following information:

a.) Full name as it appears on their government issued ID card:
b.) Citizenship
c.) Address
d.) Telephone Number
e.) Any special needs (optional)

Your registration will not be accepted if this information is not provided in your email.

Workshops: Tuesday Sept 18th and Friday Sept 21st.
---------------------------------------------------------

Open to all to attend for an introduction to the standards. This is technical and presupposes a working familiarity of the standards comprising SCAP including CVE, CCE, CPE, CVSS, XCCDF and OVAL. A basic understanding of XML will be required. For more information on these standards please visit the SCAP website. To register for these workshops, please send an email to Steve Boczenowski (sboczeno@mitre.org) with the word "WORKSHOPS" in the subject line and include your contact and citizenship info from above.

Workgroup: Monday Sept. 17th.
---------------------------------------------------------

We will be reviewing and discussing the SCAP 1.0 requirements for compliance/assessment tools. We ask that only 1 representative per company attend as space is limited and the conversation will be very technical (not introductory). To register for this single workgroup, please send an email to Dave Waltermire (david.waltermire@nist.gov) with the subject line of "SINGLE WORKGROUP" and include your contact and citizenship info from above.

The following will be the agenda for the 3 event days:

Monday -

SCAP 1.0 Requirements for Compliance/Assessment Tools, Review and Discussion Working Group (Dave Waltermire, John Banghart)

---------------------------------------
8:00 - Attendees arrive / Networking
8:30 - Introductions
8:45 - Review Requirements
10:30 - Morning Break
10:45 - Review (continued)
11:30 - Lunch
12:30 - Review (continued)
2:15 - Afternoon Break
2:30 - Discussion of additional requirements
4:30-4:45 - Recap Discussion and Action Items

Tuesday
----------------
8:00 - Registration
8:30 - Welcome (Steve Boczenowski)
8:45 - SCAP Nuts n Bolts (Matt Barrett)
9:45 - Enumerations: CVE, CCE, & CPE (Dan Schmidt, David Mann)
10:30 - Break
10:45 - Enumerations (continued): CVE, CCE, & CPE (Dan Schmidt, David Mann)
12:00 - Lunch
1:00 - Enumerations (continued): CVE, CCE, & CPE (Dan Schmidt, David Mann)
1:45 - CVSS (Peter Mell)
2:30 - Break
2:45-4:45 - OVAL (Jon Baker)

Wed
----------------
conference

Thurs
----------------
conference

Friday
----------------
9:00 - CVE/CCE Public Board Meeting (David Mann)
12:00 - Lunch - 1 hour
1:00 - XCCDF (Neal Ziring)
2:00-3:30 - SCAP Roundtable - panel discussion