Information Security Automation Program
Encyclopedia
The Information Security Automation Program (ISAP, pronounced “I Sap”) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. While a U.S. government initiative, its standards based design can benefit all information technology security operations. The ISAP high level goals include standards based automation of security checking and remediation as well as automation of technical compliance activities (e.g. FISMA). ISAP’s low level objectives include enabling standards based communication of vulnerability data, customizing and managing configuration baselines for various IT products, assessing information systems and reporting compliance status, using standard metrics to weight and aggregate potential vulnerability impact, and remediating identified vulnerabilities.
ISAP’s technical specifications are contained in the related Security Content Automation Protocol
(SCAP). ISAP’s security automation content is either contained within, or referenced by, the National Vulnerability Database
.
ISAP is being formalized through a trilateral memorandum of agreement (MOA) between Defense Information Systems Agency
(DISA), the National Security Agency
(NSA), and the National Institute of Standards and Technology
(NIST). The Office of the Secretary of Defense
(OSD) also participates and the Department of Homeland Security (DHS) funds the operation infrastructure on which ISAP relies (i.e., the National Vulnerability Database).
This document incorporates text from Information Security Automation Program Overview (v1 beta), a public domain publication of the U.S. government.
ISAP’s technical specifications are contained in the related Security Content Automation Protocol
Security Content Automation Protocol
The Security Content Automation Protocol is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation . The National Vulnerability Database is the U.S...
(SCAP). ISAP’s security automation content is either contained within, or referenced by, the National Vulnerability Database
National Vulnerability Database
The National Vulnerability Database is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol . This data enables automation of vulnerability management, security measurement, and compliance...
.
ISAP is being formalized through a trilateral memorandum of agreement (MOA) between Defense Information Systems Agency
Defense Information Systems Agency
The Defense Information Systems Agency is a United States Department of Defense agency that provides information technology and communications support to the President, Vice President, Secretary of Defense, the military Services, and the Combatant Commands.As part of the Base Realignment and...
(DISA), the National Security Agency
National Security Agency
The National Security Agency/Central Security Service is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S...
(NSA), and the National Institute of Standards and Technology
National Institute of Standards and Technology
The National Institute of Standards and Technology , known between 1901 and 1988 as the National Bureau of Standards , is a measurement standards laboratory, otherwise known as a National Metrological Institute , which is a non-regulatory agency of the United States Department of Commerce...
(NIST). The Office of the Secretary of Defense
Office of the Secretary of Defense
The Office of the Secretary of Defense is a headquarters-level staff of the Department of Defense of the United States of America. It is the principal civilian staff element of the Secretary of Defense, and it assists the Secretary in carrying out authority, direction and control of the Department...
(OSD) also participates and the Department of Homeland Security (DHS) funds the operation infrastructure on which ISAP relies (i.e., the National Vulnerability Database).
External links
- Information Security Automation Program web site
- Security Content Automation Protocol web site
- National Vulnerability Database web site
This document incorporates text from Information Security Automation Program Overview (v1 beta), a public domain publication of the U.S. government.