Information Security Automation Program

The Information Security Automation Program (ISAP, pronounced “I Sap”) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. While a U.S. government initiative, its standards based design can benefit all information technology security operations. The ISAP high level goals include standards based automation of security checking and remediation as well as automation of technical compliance activities (e.g. FISMA). ISAP’s low level objectives include enabling standards based communication of vulnerability data, customizing and managing configuration baselines for various IT products, assessing information systems and reporting compliance status, using standard metrics to weight and aggregate potential vulnerability impact, and remediating identified vulnerabilities.

ISAP’s technical specifications are contained in the related Security Content Automation Protocol

Security Content Automation Protocol

The Security Content Automation Protocol is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation . The National Vulnerability Database is the U.S...

(SCAP). ISAP’s security automation content is either contained within, or referenced by, the National Vulnerability Database

National Vulnerability Database

The National Vulnerability Database is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol . This data enables automation of vulnerability management, security measurement, and compliance...

.

ISAP is being formalized through a trilateral memorandum of agreement (MOA) between Defense Information Systems Agency

Defense Information Systems Agency

The Defense Information Systems Agency is a United States Department of Defense agency that provides information technology and communications support to the President, Vice President, Secretary of Defense, the military Services, and the Combatant Commands.As part of the Base Realignment and...

(DISA), the National Security Agency

National Security Agency

The National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...

(NSA), and the National Institute of Standards and Technology

National Institute of Standards and Technology

The National Institute of Standards and Technology , known between 1901 and 1988 as the National Bureau of Standards , is a measurement standards laboratory, otherwise known as a National Metrological Institute , which is a non-regulatory agency of the United States Department of Commerce...

(NIST). The Office of the Secretary of Defense

Office of the Secretary of Defense

The Office of the Secretary of Defense is a headquarters-level staff of the Department of Defense of the United States of America. It is the principal civilian staff element of the Secretary of Defense, and it assists the Secretary in carrying out authority, direction and control of the Department...

(OSD) also participates and the Department of Homeland Security (DHS) funds the operation infrastructure on which ISAP relies (i.e., the National Vulnerability Database).

External links

This document incorporates text from Information Security Automation Program Overview (v1 beta), a public domain publication of the U.S. government.

The source of this article is wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.