NIST IR 7693

From IDESG Wiki
Jump to navigation Jump to search

Title: Specification for Asset Identification 1.1

Category: Security Requirements Specification

Date: 6/1/2011

Creator: NIST


Description: Part of the Security Content Automation Protocol (SCAP), Asset Identification is a language for identifying organizational assets, a common initial step in risk management frameworks. The assets are primarily IT components but people and organizations may also be specified. The language supports identification of assets based on intrinsic characteristics, assigned or derived attributes and relationships to other assets. Naming of people and organizations is done with OASIS xNL 2.0. Authentication of the identified assets is out of scope.

Privacy: There may be PII among the attributes that make up a person's identity. For example the XML Schema for Asset Identification 1.1 allows specification of a person's date of birth.

Security: No specific security stipulations, relies on the SCAP Trust Model For Security Automation Data (TMSAD) for authentication and confidentiality protections.

Interoperability: The document promotes an interoperable format for specifying organizational assets.

Terms: Asset, Asset Identification, Asset Identification Element, Circuit, Computing Device, Data, Database, Extension Identifier, Identifying Information, Matching, Network, Organization, Person, Relationship Identifier, Service, Software, System, Synthetic Identifier