HOME

TheInfoList



Click Here for Items Related To - Information Security Automation Program
OR:
Information Security Automation Program on:   [Wikipedia]   [Google]   [Amazon]

The Information Security Automation Program (ISAP, pronounced “I Sap”) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. While a U.S. government initiative, its standards based design can benefit all information technology security operations. The ISAP high level goals include standards based automation of security checking and remediation as well as automation of technical compliance activities (e.g.
FISMA The Federal Information Security Management Act of 2002 (FISMA, , ''et seq.'') is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (, ). The act recognized the importance of information security to the ec ...
). ISAP's low level objectives include enabling standards based communication of vulnerability data, customizing and managing configuration baselines for various IT products, assessing information systems and reporting compliance status, using standard metrics to weight and aggregate potential vulnerability impact, and remediating identified vulnerabilities. ISAP's technical specifications are contained in the related
Security Content Automation Protocol The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA (Fed ...
(SCAP). ISAP's security automation content is either contained within, or referenced by, the
National Vulnerability Database The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, ...
. ISAP is being formalized through a trilateral memorandum of agreement (MOA) between
Defense Information Systems Agency The Defense Information Systems Agency (DISA), known as the Defense Communications Agency (DCA) until 1991, is a United States Department of Defense (DoD) combat support agency composed of military, federal civilians, and contractors. DISA pro ...
(DISA), the
National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collectio ...
(NSA), and the
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...
(NIST). The
Office of the Secretary of Defense The Office of the Secretary of Defense (OSD) is a headquarters-level staff of the United States Department of Defense. It is the principal civilian staff element of the U.S. Secretary of Defense, and it assists the Secretary in carrying out aut ...
(OSD) also participates and the
Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-te ...
(DHS) funds the operation infrastructure on which ISAP relies (i.e., the National Vulnerability Database).


External links


Information Security Automation Program web siteSecurity Content Automation Protocol web siteNational Vulnerability Database web site
''This document incorporates text fro
Information Security Automation Program Overview (v1 beta)
a public domain publication of the U.S. government.'' {{US-gov-stub Agencies of the United States government Computer security National security