Security Checklists Implementation Guides Benchmark Scoring

OVAL Repository

http://oval.mitre.org/repository/download/index.html

OVAL Repository downloads include Data Files of all vulnerability, compliance, inventory, and patch definitions for supported platforms. Data Files are intended for use with the Reference OVAL Interpreter, while both Data Files and the Bulk Content download (i.e., all definitions and schemas for all platforms) may be used with OVAL-compatible Products and Services. OVAL Repository content for past versions of the OVAL Language is available in the OVAL Archive.

DISA Checklists / Implementation Guides

http://csrc.nist.gov/pcig/cig.html

Numerous technical implementation guides

NSA Security Configuration Guides

http://www.nsa.gov/snac/downloads_all.cfm?MenuID=scg10.3.1

NSA has developed and distributed configuration guidance for a wide variety of software from open source to proprietary software. The objective of the configuration guidance program is to provide NSA's customers with the best possible security options in the most widely used products.

CIS Benchmark & Scoring Tools

http://www.cisecurity.org/index.html

CIS Benchmarks enumerate security configuration settings and actions that "harden" your systems. They are unique, not because the settings and actions are unknown to any security specialist, but because consensus among hundreds of security professionals worldwide has defined these particular configurations.

NIST Computer Security Special Publications

http://csrc.nist.gov/publications/nistpubs/index.html

Special Publications from the 500 and 800 series

US-CCU Cybersecurity Checklist

http://www.cccure.org/modules.php?name=Downloads&d_op=getit&lid=269

US-CCU has just finished the final release version of its cybersecurity checklist.

This final version takes account of the large number of suggestions that were received after circulating the draft versions. There were a few additional suggestions that seemed excellent but could not be included at this point, because they were either too detailed or too far ahead of current defender and attacker practices. US-CCU intends to update the checklist annually, however, so some of the suggestions that were omitted this time will probably be included in the future.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License