A Collection of Information Security Community Standardization Activities and Initiatives

MITRE, in collaboration with government, industry, and academic stakeholders, is improving the measurability of security through registries of baseline security data, providing standardized languages as a means for accurately communicating the information, defining proper usage, and helping establish community approaches for standardized processes.

The other activities and initiatives listed here have similar concepts or compatible approaches to MITRE’s. Together, all of these efforts — be they mature or continuing to build momentum — are helping to make security more measurable by defining the concepts that need to be measured, providing for high-fidelity communications about the measurements, and providing for sharing of the measurements and the definitions of what to measure.

Measurable security pertains at a minimum to the following areas:

Software Assurance

Application Security

Asset Management

Supply Chain Risk Management

Cyber Intelligence Threat Analysis

Cyber Threat Information Sharing

Vulnerability Management

Patch Management

Configuration Management

Malware Protection

Intrusion Detection

System Assessment

Incident Coordination

Enterprise Reporting