Advanced Search

Content Type

Topics

Publication Date

Standards-Based Automated Remediation: A Remediation Manager Reference Implementation

Abstract

This report describes the Software Engineering Institute's work in calendar year 2010 for the National Security Agency Computer Network Defense Research and Technology Program Management Office to develop standards for remediation of vulnerabilities and compliance issues on Department of Defense (DoD) networked systems. The overall goals are to assist in the development of remediation standards, demonstrate the functionality DoD would like in a remediation manager, and increase efficiency and effectiveness of remediation by automating the remediation process. The 2010 Remediation Manager reference implementation demonstrates the following potential applications of remediation and other security automation standards: (1) Ingest scan findings in Security Content Automation Protocol (SCAP) format, extracting host compliance issues (in Common Configuration Enumeration [CCE] format) and vulnerabilities (in Common Vulnerability Enumerations [CVE] format). (2) Map CCE and CVE to remediation actions (in Common Remediation Enumeration [CRE] format). (3) Build remediation tasks in Remediation Tasking Language (RTL), based on CRE. (4) Transmit remediation tasks to a Remediation Tool on a host system. (5) Receive remediation task execution status, in RTL Results Format, from the Remediation Tool. This report identifies capabilities considered for future versions of the reference implementation and the operational system as well as challenges for future work. 

Related Reading

Standards-Based Automated Remediation: A Remediation Manager Reference Implementation, 2011 Update
Download

Addtional Formats

mobi
epub

Cite This Report

Show Citation Formats

SEI

Chaki, Sagar; Creel, Rita; Davenport, Jeff; Kinney, Mike; McCormick, Benjamin; & Popeck, Mary. Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (CMU/SEI-2011-SR-007). Software Engineering Institute, Carnegie Mellon University, 2011. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9721

IEEE

Chaki. Sagar, Creel. Rita, Davenport. Jeff, Kinney. Mike, McCormick. Benjamin, and Popeck. Mary, "Standards-Based Automated Remediation: A Remediation Manager Reference Implementation," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Special Report CMU/SEI-2011-SR-007, 2011. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9721

APA

Chaki, Sagar., Creel, Rita., Davenport, Jeff., Kinney, Mike., McCormick, Benjamin., & Popeck, Mary. (2011). Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (CMU/SEI-2011-SR-007). Retrieved August 29, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9721

CHI

Sagar Chaki, Rita Creel, Jeff Davenport, Mike Kinney, Benjamin McCormick, & Mary Popeck. Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (CMU/SEI-2011-SR-007). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2011. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9721

MLA

Chaki, Sagar., Creel, Rita., Davenport, Jeff., Kinney, Mike., McCormick, Benjamin., & Popeck, Mary. 2011. Standards-Based Automated Remediation: A Remediation Manager Reference Implementation (Technical Report CMU/SEI-2011-SR-007). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9721