by Josef Weiss
March 26, 2015
The Security Content Automation Protocol (SCAP) is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.
SCAP Benchmark audit files assign a Severity Code to each system security weakness to indicate the risk level associated with the security weakness and the urgency with which the corrective action must be completed.
This collection presents the analyst with vulnerability information within the environment. Data is presented on the number of SCAP Severity vulnerability concerns, networks that have SCAP vulnerability results, when audits have been performed, IP summary, and a failing items SCAP vulnerability summary.
The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments.
The dashboard requirements are:
- Tenable.sc 4.7
- Nessus 8.4.0
The collection contains the following components:
- SCAP Alerts (Severity) - Audits Performed - The Audits Performed matrix contains regex filters that look for SCAP compliance results (pass or fail) that are of a specified age, and displays and indication of SCAP scans present over the last 7, 30, or over 30 days. Icons are displayed in the appropriate column if results are found, displaying a green check for any results found within the time frame. If no results are found, ‘None’ is displayed in the column.
- SCAP Alerts (Severity) - Severity Level (Pass/Fail) - A Severity Code is assigned to each system security weakness to indicate the associated risk level. The Severity Level can assist in determining the urgency with which the corrective action must be completed. The matrix provides indication if vulnerability results exist for the specified Severity level, the total number of vulnerabilities found, and vulnerability counts in regard to Pass/Fail levels, or if additional action or manual intervention is required.
- SCAP Alerts (Severity) - IP Summary - The SCAP IP Summary table utilizes the IP Summary tool with a filter for the term for SCAP Severity results, with filters for vulnerability severity results. The table displays an IP Summary of SCAP vulnerability Severity Levels, vulnerabilities, and total counts. This allows the analyst to view SCAP vulnerability results quickly for a specific IP address or host name.
- SCAP Alerts (Severity) - Networks with Failed Audit Results - SCAP Networks with Failed Audit Results displays data on Class C networks that contain vulnerability results for SCAP Severity Levels. The Class C network, repository, and total number of vulnerability results are displayed. This allows the analyst to determine which Class C networks contain SCAP vulnerability results, and the total counts of those results.
- SCAP Alerts (Severity) - Failing Items Summary - The SCAP Failing Items Summary table utilizes the vulnerability summary tool to display SCAP vulnerability Severity Levels. Displayed are the reported vulnerabilities, sorted by count. The top 10 items are displayed, which allows the analyst to quickly determine which SCAP Severity Level vulnerabilities are the most prevalent within the environment. Additional results beyond the top 10 can be displayed by adjusting the settings within the component.