HOT OFF THE PRESSES
CyberESI Consulting Group personnel have pioneered security automation for nearly two decades. Some activities and accomplishments include:
- Developed commercial products that utilize Common Vulnerability Enumeration (CVE) and Common Vulnerability Scoring System (CVSS),
- Published guidance adopting and using on Security Content Automation Protocol (SCAP) and established a program to validate SCAP products
- Pioneered use of SCAP content for identifying malware,
- Established machine-readable content and content authorities for the National Checklist Program (NCP), and
- Oversaw National Vulnerability Database (NVD) vulnerability analysis and capability development.
Now, CyberESI Consulting Group is extending these security automation experiences to security controls using the National Institute of Standards and Technology (NIST) Open Security Controls Assessment Language (OSCAL). In a recent project, CyberESI Consulting Group automated the creation of OSCAL Control Catalogs for all frameworks listed in the NIST Cybersecurity and Privacy Reference Tool (CPRT).