The National Institute of Standards and Technology released three draft reports designed to improve the security of information management systems in both the public and private sectors. All three drafts are open for public comment.
The first draft, “CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Model (NIST Interagency Report 7756 Second Public Draft),” provides a reference model for organizations to collect data from across a diverse set of security tools, analyze the data, score the data, enable user queries and provide overall situational awareness.
The model is designed so that organizations can meet these goals by leveraging their existing security tool investments, avoiding the need to design and pay for custom solutions. It was developed using the Department of Homeland Security’s monitoring framework, the Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) architecture, as a starting point.
The second document, “Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications (NISTIR 7799),” provides the technical specifications for the continuous monitoring reference model presented in NISTIR 7756 with enough specificity to enable instrumentation of existing products and development of new capabilities by vendors, according to NIST.
The specifications in NISTIR 7799 define an ecosystem in which a variety of interoperable products can be combined into a continuous monitoring solution.
The third document, “Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration and Vulnerability Management Domains (NISTIR 7800),” augments the reference model with guidance on addressing these specific areas. It does this by leveraging the Security Content Automation Protocol (SCAP) version 1.2 for configuration and vulnerability-scan content, and it recommends reporting results in an SCAP-compliant format.