NIST IR 7693: Difference between revisions
m (2 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:02, 28 June 2018
Title: Specification for Asset Identification 1.1
Category: Security Requirements Specification
Date: 6/1/2011
Creator: NIST
URL: http://csrc.nist.gov/publications/nistir/ir7693/NISTIR-7693.pdf
Description: Part of the Security Content Automation Protocol (SCAP), Asset Identification is a language for identifying
organizational assets, a common initial step in risk management frameworks. The assets are primarily IT
components but people and organizations may also be specified. The language supports identification of
assets based on intrinsic characteristics, assigned or derived attributes and relationships to other assets.
Naming of people and organizations is done with OASIS xNL 2.0. Authentication of the identified assets is
out of scope.
Privacy: There may be PII among the attributes that make up a person's identity. For example the XML Schema for
Asset Identification 1.1 allows specification of a person's date of birth.
Security: No specific security stipulations, relies on the SCAP Trust Model For Security Automation Data (TMSAD) for
authentication and confidentiality protections.
Interoperability: The document promotes an interoperable format for specifying organizational assets.
Terms: Asset, Asset Identification, Asset Identification Element, Circuit, Computing Device, Data, Database, Extension Identifier, Identifying Information, Matching, Network, Organization, Person, Relationship Identifier, Service, Software, System, Synthetic Identifier