The
purpose of ASSET is to automate the completion of the questionnaire
contained in NIST Special Publication 800-26, "Security Self-Assessment
Guide for Information Technology Systems."
As
described in NIST Special Publication 800-26, the results of the
questionnaire provide a "method of evaluating the security of a
particular system or group of systems." Through interpretation of
the questionnaire results, users are able to assess the information
technology (IT) security posture for any number of systems within
their organization and, in particular, assess the status of the
organization's security program plan.
ASSET
consists of two tools -- The ASSET-System and the ASSET-Manager.
Within ASSET-System, the questionnaire is presented in a progressive
format, allowing users to move backward and forward in the questionnaire
at their discretion. The ASSET-Manager provides the ability to sort
and summarize the questionnaire results for all systems assessed
and to display the results through several formatted reports or
through an export capability.
ASSET-System
allows users to return to the assessment of a particular system,
by saving the prior status of the assessment. Once the assessment
is completed, a user can locally generate summary reports of individual
systems giving an immediate picture of the assessment results.
Both
ASSET-System and the ASSET-Manager are developed and designed to
meet the GSA Section 508 accessibility standards, as is required
by law.
ASSET
Reports
The
ASSET-System provides the capability to generate four reports, however
the tool has the functionality to export any report in a text, comma-delimited
format so that the fields can be used in any spreadsheet or application.
The four reports are:
- Summary
of Topic Areas by Level of Effectiveness
- List
of Non-Applicable Questions
- List
of Risk Based Decisions
- System
Summary
The
ASSET-Manager also provides the capability to generate four reports
and has the same export functionality as the ASSET. The four reports
are:
- Summary
of All Systems
- List
of Systems by Type
- List
By Systems Sensitivity
- Summary
by Organization
ASSET
Specifications
The
deployment platform for version 1.00 of ASSET-System and ASSET-Manager
is a Win32 binary. The tools have been tested on a Windows 2000
Professional SP2 platform with the Java 2 Standard Edition Runtime
Environment and the Microsoft SQL Server Desktop Engine version
1.0.
The
minimum system requirements for installing the two tools are:
Hardware:
Pentium II -266 MHz processor
Operating System: Windows 2000 Professional, Windows NT
Memory Requirements: 120 MB free space
Contact
Information
For
questions about the tool, please send an e-mail message to asset
at nist dot gov. **Note:
substitute the at with @ and dot with .
|