Larry Seltzer wrote:
> Below is the section of S.773 mandating that NIST establish "measurable
> and auditable cybersecurity standards" for systems and networks.
>
> Do standards along these lines exist already? I guess I'd be surprised
> if nothing like this exists, but the only ones I'm aware of don't have a
> lot of real-world relevance, like C1 and B certifiability.
>
> Some of it is already in place or at least being worked on, like the
> standard configurations (see
> http://www.eweek.com/c/a/Security/Standardizing-the-Federal-Desktop/) or
> the vulnerability specification stuff.
>
> Do others think the other elements and the big picture of this is practical?
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> [email protected]
> <mailto:[email protected]>
Larry,

All standards with which I am familiar, and I think I have a good grasp of what is out there, have to do with:

1) Hardening systems and networks
2) Policy and Processes
3) Best Practices

I am not familiar with anything that addresses software development security per se. As I recall, even IEEE/ISO 12207, which replaced the old MilStd-498, does not address software security processes.

I think that spending money to specify the best practices for software security and developing secure software is a great place to put our tax dollars. It will be money well spent.

Jon

-- 
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
