欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2/Agda, C++/Lisp/Haskell
OpenSCAP
来自开放百科 - 灰狐
(版本间的差异)
小 (→指南) |
小 (→缩略语) |
||
| 第44行: | 第44行: | ||
==缩略语== | ==缩略语== | ||
| − | *AI(Asset | + | *AI(Asset Identification)资产识别 |
| − | *ARF(Asset Reporting | + | *ARF(Asset Reporting Format)资产报告格式 |
| − | *CCE(Common Configuration | + | *CCE(Common Configuration Enumeration)通用配置枚举 |
| − | *CCSS(Common Configuration Scoring | + | *CCSS(Common Configuration Scoring System)通用配置评分系统 |
| − | *CIS(Center for Internet | + | *CIS(Center for Internet Security)互联网安全中心 |
| − | *CPE(Common Platform | + | *CPE(Common Platform Enumeration)通用平台枚举 |
| − | *CVE(Common Vulnerabilities and | + | *CVE(Common Vulnerabilities and Exposures)通用漏洞和暴露 |
| − | *CVSS(Common Vulnerability Scoring | + | *CVSS(Common Vulnerability Scoring System)通用漏洞评分系统 |
| − | *CWE(Common Weakness | + | *CWE(Common Weakness Enumeration)通用弱点列举 |
| − | *FIPS(Federal Information Processing | + | *FIPS(Federal Information Processing Standards)联邦信息处理标准 |
| − | *[http://www.mitre.org/ MITRE] | + | *[http://www.mitre.org/ MITRE] 在 MITRE,我们为一个更安全的世界解决问题。 |
| − | *NIST(National Institute of Standards and | + | *NIST(National Institute of Standards and Technology)美国国家标准与技术研究所 |
| − | *NVD(National Vulnerability | + | *NVD(National Vulnerability Database)国家漏洞数据库 |
| − | *OCIL(Open Checklist Interactive | + | *OCIL(Open Checklist Interactive Language)开放式检查表交互语言 |
| − | *OVAL(Open Vulnerability and Assessment | + | *OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言 |
| − | *PCI DSS(Payment Card Industry Data Security | + | *PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准 |
| − | *SCE(Script Check | + | *SCE(Script Check Engine)脚本检查引擎 |
| − | *SDS(SCAP source data | + | *SDS(SCAP source data stream)SCAP源数据流 |
| − | *SACM(Security Automation and Continuous | + | *SACM(Security Automation and Continuous Monitorin)安全自动化和持续监控 |
| − | *SCAP(Security Content Automation | + | *SCAP(Security Content Automation Protocol)安全内容自动化协议 |
| − | *SWID(Software | + | *SWID(Software identification)软件识别 |
| − | *USGCB(United States Government Configuration | + | *USGCB(United States Government Configuration Baseline)美国政府配置基线 |
| − | *XCCDF(eXtensible Configuration Checklist Description | + | *XCCDF(eXtensible Configuration Checklist Description Format)可扩展配置清单描述格式 |
==图集== | ==图集== | ||
2022年5月11日 (三) 02:31的版本
|
您可以在Wikipedia上了解到此条目的英文信息 OpenSCAP Thanks, Wikipedia. |
OpenSCAP
目录 |
简介
OpenSCAP: Open Source Security Compliance(合规)Solution
OpenSCAP 开源安全合规解决方案,NIST认证的SCAP 1.2工具箱。
Security Content Automation Protocol (SCAP) 安全内容自动化协议
标准
- Security Content Automation Protocol (SCAP)
- SCAP Components XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE, SCE.
- Other Standards SACM, SWID, CC, FIPS.
功能
工具
- OpenSCAP Base
- OpenSCAP Daemon
- SCAP Workbench
- SCAPTimony
- OSCAP Anaconda Add-on
- Systems Management
- Atomic Scan
指南
Red Hat & CentOS
# yum install openscap-scanner $ oscap -V # yum install scap-security-guide # yum install scap-workbench $ scap-workbench
Debian & Ubuntu
$ sudo apt install openscap-daemon $ oscap -V
项目
缩略语
- AI(Asset Identification)资产识别
- ARF(Asset Reporting Format)资产报告格式
- CCE(Common Configuration Enumeration)通用配置枚举
- CCSS(Common Configuration Scoring System)通用配置评分系统
- CIS(Center for Internet Security)互联网安全中心
- CPE(Common Platform Enumeration)通用平台枚举
- CVE(Common Vulnerabilities and Exposures)通用漏洞和暴露
- CVSS(Common Vulnerability Scoring System)通用漏洞评分系统
- CWE(Common Weakness Enumeration)通用弱点列举
- FIPS(Federal Information Processing Standards)联邦信息处理标准
- MITRE 在 MITRE,我们为一个更安全的世界解决问题。
- NIST(National Institute of Standards and Technology)美国国家标准与技术研究所
- NVD(National Vulnerability Database)国家漏洞数据库
- OCIL(Open Checklist Interactive Language)开放式检查表交互语言
- OVAL(Open Vulnerability and Assessment Language)开放漏洞和评估语言
- PCI DSS(Payment Card Industry Data Security Standard)支付卡行业数据安全标准
- SCE(Script Check Engine)脚本检查引擎
- SDS(SCAP source data stream)SCAP源数据流
- SACM(Security Automation and Continuous Monitorin)安全自动化和持续监控
- SCAP(Security Content Automation Protocol)安全内容自动化协议
- SWID(Software identification)软件识别
- USGCB(United States Government Configuration Baseline)美国政府配置基线
- XCCDF(eXtensible Configuration Checklist Description Format)可扩展配置清单描述格式
图集
SCAP Security Guide
SCAP Workbench
链接
分享您的观点
