U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

NISTIR 8011 Vol. 3

Automation Support for Security Control Assessments: Software Asset Management

Date Published: December 2018

Author(s)

Kelley Dempsey (NIST), Nedim Goren (NIST), Paul Eavy (DHS), George Moore (APL)

Abstract

Keywords

actual state; assessment; authorization boundary; automation; capability; continuous diagnostics and mitigation; dashboard; defect; desired state specification; firmware; information security continuous monitoring; ISCM; inventory management; malicious code; malware; mitigation; mobile code; ongoing assessment; root cause analysis; security capability; security control; security control item; software; software asset management; software file; SWID tag; whitelisting
Control Families

Assessment, Authorization and Monitoring; Risk Assessment

Documentation

Publication:
NISTIR 8011 Vol. 3 (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
NISTIR 8011 Vol. 1
NISTIR 8011 Vol. 2
NISTIR 8011 Vol. 4

Related NIST Publications:
SP 800-53A Rev. 4
SP 800-53 Rev. 4

Document History:
04/05/18: NISTIR 8011 Vol. 3 (Draft)
12/06/18: NISTIR 8011 Vol. 3 (Final)