ARF

NOTE: A similar information security community effort is under active development at the U.S. Institute of Standards and Technology (NIST).

Visit http://scap.nist.gov/specifications/arf/ for additional information.

Downloads

ARF Whitepaper (PDF, 92 KB)

ARF 0.41.1 Schemas and Documentation (Zip, 138 KB)

ARF 0.41 Schemas and Documentation (Zip, 572 KB)

Assessment Results Format (ARF) is an open specification that provides a structured language for exchanging per-device assessment results data between assessment tools, asset databases, and other products that manage asset information. It is intended to be used by tools that collect detailed configuration data about IT assets, especially products that leverage specifications contained in the National Institute for Standards and Technology's (NIST) Security Content Automation Protocol (SCAP).

ARF is the per-device results language specification in a suite of specifications that enables the reporting of assessments of IT assets in an enterprise environment, known collectively as security automation interfaces. The Policy Language for Assessment Results Reporting (PLARR) specification is the request specification while Assessment Summary Results (ASR) is the multi-device assessment results format in the suite. The security automation interfaces specifications describe an end-to-end process for delivering assessment content to data stores, requesting assessments against that content, reporting on the results of those assessments, and aggregating assessment results to an enterprise level.

ARF is being developed by the Computer Network Defense Research and Technology Program Management Office, which has proposed its inclusion as an Emerging SCAP Specification. MITRE is soliciting feedback on ARF from the security automation community and will be working with the CND R&T PMO and NIST to incorporate that feedback into upcoming versions of ARF.