Security baseline assessment method based on SCAP

Security baseline technology, applied in fields such as computer security devices, instruments, and electrical digital data processing, can solve problems such as long time spent, delayed vulnerability repair, and lack of interoperability.

Inactive Publication Date: 2014-07-16
ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD +1

AI Technical Summary

Problems solved by technology

All of these factors complicate determining what security changes are required on each system, implementing those changes quickly, correctly, and consistently, and validating security configurations.
[0007] 2. Slow response to threats
[0008] As of the beginning of 2014, as many as 60,805 software flaws had been added to the US National Vulnerability Database (NVD). Vulnerabilities are appearing faster and faster. Security vendors need to write rules for their own security baseline assessment tools for each new vulnerability, which takes a lot of time, so the enterprise cannot reconfigure the software or install the patch in time to eliminate the vulnerability.
[0009] 3. Lack of interoperability
This lack of interoperability will lead to inconsistent security assessments, potentially delaying patching.
[0011] 4. Lack of a baseline of system state
[0012] At present, most security baseline tools only check the security configuration of the baseline layer and the compliance of security vulnerabilities, and do not involve system status monitoring (processes, ports, accounts, files, etc.) in the security baseline layer.

Embodiment Construction

[0047] The technical solution of the present invention will be further described in detail below in conjunction with the accompanying drawings, but the protection scope of the present invention is not limited to the following description.

[0048] As shown in Figure 1, the SCAP-based security baseline assessment method includes the following steps:

[0049] S1: Asset identification: The evaluated object is named using the unified naming rules of the Common Platform Enumeration (CPE), which builds a bridge for information compatibility and generality. For example, a 64-bit Vista system can be named: cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:x64:-.

[0050] S2: CVE vulnerability scanning: The content of an OVAL vulnerability scanning result consists of two parts: the OVAL vulnerability definition and the user's system characteristic information. An OVAL vulnerability definition mainly includes two elements: definitions and tests. OVAL system char...
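The CPE name from step S1 can be split into its eleven attributes and compared against an affected-platform pattern, which is what lets a scanner tie an asset to vulnerability data. The Python below is an added example, not part of the patent text; the function names, the two patterns and the simplified matching (whole-attribute `*` only, no embedded wildcards) are assumptions.

```python
import re

# Attribute order of a CPE 2.3 formatted string (NISTIR 7695).
CPE_ATTRS = ("part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other")

# The asset name given in step S1 of the page.
ASSET = "cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:x64:-"
# Constructed affected-platform patterns ('*' = ANY), not taken from the page.
VISTA_ANY = "cpe:2.3:o:microsoft:windows_vista:6.0:*:*:*:*:*:*:*"
VISTA_SP2 = "cpe:2.3:o:microsoft:windows_vista:6.0:sp2:*:*:*:*:*:*"


def parse_cpe23(name):
    """Split a CPE 2.3 formatted string into a dict of its 11 attributes."""
    prefix = "cpe:2.3:"
    if not name.startswith(prefix):
        raise ValueError("not a CPE 2.3 formatted string")
    # Split on ':' only where it is not escaped with a backslash.
    fields = re.split(r"(?<!\\):", name[len(prefix):])
    if len(fields) != len(CPE_ATTRS):
        raise ValueError("expected 11 attributes, got %d" % len(fields))
    # Reject empty fields and stray whitespace left by copy/paste or OCR.
    if any(f == "" or f != f.strip() for f in fields):
        raise ValueError("empty or whitespace-padded attribute")
    if fields[0] not in ("a", "o", "h", "*", "-"):
        raise ValueError("part must be a (application), o (OS) or h (hardware)")
    # Attribute values compare case-insensitively, so normalise to lower case.
    return dict(zip(CPE_ATTRS, (f.lower() for f in fields)))


def matches(pattern, asset):
    """True if every pattern attribute is ANY ('*') or equals the asset's value."""
    p, a = parse_cpe23(pattern), parse_cpe23(asset)
    return all(p[k] == "*" or p[k] == a[k] for k in CPE_ATTRS)


if __name__ == "__main__":
    print(parse_cpe23(ASSET))
    print(matches(VISTA_ANY, ASSET), matches(VISTA_SP2, ASSET))
```

Note that `-` (not applicable) is a concrete value here: a pattern with `-` in a field matches only an asset that also has `-` there, while `*` matches anything.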

Abstract

The invention discloses a security baseline assessment method based on SCAP. The method comprises: a first step of asset identification, wherein the assessed object is named using CPE naming rules, providing a basic management foundation for each assessment item; a second step of CVE vulnerability scanning, wherein vulnerability scanning is carried out on the identified target object using OVAL; a third step of CCE security configuration checking, wherein the security configuration of the asset is inspected using XCCDF; a fourth step of security scoring, wherein the security level of the asset is scored using CVSS; and a fifth step of state baseline monitoring, wherein state baseline monitoring is carried out on the assessed target object once it has reached an established security baseline. With this method, vulnerability scanning, patch management and similar work can be combined, and state baseline monitoring can be carried out on the assessed target object.

Description

Technical field

[0001] The present invention relates to a security baseline assessment method, in particular to a SCAP-based security baseline assessment method that can combine vulnerability scanning, security baseline management, patch management, etc., and can monitor the state baseline of the assessed target object.

Background technique

[0002] The daily security maintenance work of a system mainly includes: implementing the system baseline security configuration, continuously monitoring the system security configuration in real time, regularly performing vulnerability scanning, checking the patch installation status, etc. The number of information systems that need security maintenance is huge, the various security monitoring tools respond to new vulnerability threats at different speeds, and there is a lack of interoperability between different security monitoring tools. The same vulnerability is detected in different security monitoring tools....

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/577
Inventor 蒋屹新蒙家晓关泽武郭晓斌文红许爱东李鹏陈华军李腾飞
Owner ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD