[OWASP-chapters] Invitation to attend NIST call on SCAP v2 and provide feedback

Sherif Mansour sherif.mansour at owasp.org
Tue Oct 2 14:22:07 UTC 2018


Here is the call (Webex details for the event)



Dear members of the SCAP community –



We are pleased to announce that a teleconference introducing the SCAP
Version 2 effort has been scheduled for next Thursday, October 4, 2018 at
1:00 PM Eastern time. David Waltermire from the National Institute of
Standards and Technology (NIST) and Jessica Fitzgerald-McKay from the
National Security Agency (NSA) will present the concepts and plans moving
forward.



The NIST White Paper describing the transition to SCAP Version 2 is
available here:

https://www.nist.gov/publications/transitioning-scap-version-2



As this is a community-driven effort, we encourage and appreciate your
participation!



Webex teleconference information is below and in the attached calendar
entry.



Regards,

Dave Waltermire and Jessica Fitzgerald-McKay



David Waltermire

Information Technology Laboratory | Computer Security Division

National Institute of Standards and Technology



*SCAP v2 Introduction*

Thursday, October 4, 2018

1:00 pm  |  Eastern Daylight Time (New York, GMT-04:00)  |  2 hrs

Meeting number (access code): 797 470 217

Meeting password: JP3hWJCn



When it's time, join the meeting
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmitre.webex.com%2Fmitre%2Fj.php%3FMTID%3Dm99bad2a8dc2451d01820fc6322d3650b&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cb6e7e228ce0544926db308d6255d5b62%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636737480218484566&sdata=vbValmJ%2FBPNQVTR3WlG5PEFZf1QtNoPU4Q5NqTcW7H8%3D&reserved=0>
.



*Join by phone*

*1-877-668-4490 <1-877-668-4490,,*01*797470217%23%23*01*>* Call-in
toll-free number (US/Canada)

*1-408-792-6300 <+1-408-792-6300,,*01*797470217%23%23*01*>* Call-in toll
number (US/Canada)

Global call-in numbers
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmitre.webex.com%2Fmitre%2Fglobalcallin.php%3FserviceType%3DMC%26ED%3D648555227%26tollFree%3D1&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cb6e7e228ce0544926db308d6255d5b62%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636737480218494580&sdata=0brVIAmyw4w2VaQ0KZo2m%2FLmkaBZ1pE7favTO1qB8z0%3D&reserved=0>
  |  Toll-free calling restrictions
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.webex.com%2Fpdf%2Ftollfree_restrictions.pdf&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cb6e7e228ce0544926db308d6255d5b62%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636737480218494580&sdata=%2F9O%2FJDDoAUvoTnn02W7K1mswpMDAXm8LcpYoHVHh9rY%3D&reserved=0>



Can't join the meeting?
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcollaborationhelp.cisco.com%2Farticle%2FWBX000029055&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Cb6e7e228ce0544926db308d6255d5b62%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636737480218504580&sdata=DLWjOY2OSOy1874l433FtY7pWYMZqWanIwEfhre7QRw%3D&reserved=0>



IMPORTANT NOTICE: Please note that this Webex service allows audio and
other information sent during the session to be recorded, which may be
discoverable in a legal matter. By joining this session, you automatically
consent to such recordings. If you do not consent to being recorded,
discuss your concerns with the host or do not join the session.









On Tue, 2 Oct 2018 at 4:11 pm, Sherif Mansour <sherif.mansour at owasp.org>
wrote:

> Thank you all,
>
> Please forward it on to folks you think are interested and or can add
> value to the conversation.
>
> -Sherif
>
> On Tue, 2 Oct 2018 at 4:08 pm, Andrew van der Stock <vanderaj at owasp.org>
> wrote:
>
>> Hi there
>>
>> This is an excellent opportunity to collaborate with NIST and MITRE on
>> key initiatives.
>>
>> I am unable to attend due to a prior commitment, but if there are future
>> meetings or opportunities to meet folks at AppSec USA, please let me know.
>>
>> thanks
>> Andrew
>>
>>
>> On Mon, Oct 1, 2018 at 1:35 PM Sherif Mansour <sherif.mansour at owasp.org>
>> wrote:
>>
>>> Dear all,
>>>
>>> You may recall I sent out an email with regards to a call from MITRE for
>>> collaboration.
>>> We have also been invited to comment on NIST’s SCAP v.2 (for secue
>>> configuration monitoring which is in the OWASP top ten).
>>>
>>> If you are available on 1pm EDT this Thursday (Oct 4th), I’d recommend
>>> you join the NIST mailing list and get the invite to the call. (Instructions
>>> on joining the list are available here:
>>> https://csrc.nist.gov/Projects/Security-Content-Automation-Protocol/SCAP-Community
>>> )
>>>
>>> Here’s what Inwas asked:
>>>
>>> “I wanted to let you know that NIST just released a whitepaper on their
>>> plans for SCAP v2. (At least some of this was source material for my
>>> briefing, but the whitepaper goes into far more detail.) The whitepaper is
>>> available here:
>>> https://csrc.nist.gov/publications/detail/white-paper/2018/09/10/transitioning-to-scap-version-2/final.
>>> We are encouraging those interested in providing feedback to join the SCAP
>>> Discussion List (scap-dev at nist.gov) and provide feedback there.
>>> Instructions on joining the list are available here:
>>> https://csrc.nist.gov/Projects/Security-Content-Automation-Protocol/SCAP-Community.
>>> I'm also happy to answer any questions.
>>>
>>> On October 4, 2018 at 1pm EDT, there will be a web conference on the
>>> whitepaper. NIST will also host a workshop on SCAP v2 in early December at
>>> the National Cyber Security Center of Excellence. More information on these
>>> events will be posted on the whitepaper page and the scap-dev at nist.gov list
>>> in the near future.”
>>>
>>> For those who are not familiar with SCAP
>>> The *Security Content Automation Protocol* (*SCAP*) is a method for
>>> using specific standards to enable the automated vulnerability management,
>>> measurement, and policy compliance evaluation of systems deployed in an
>>> organization, including e.g., FISMA
>>> <https://en.m.wikipedia.org/wiki/FISMA> compliance. The National
>>> Vulnerability Database
>>> <https://en.m.wikipedia.org/wiki/National_Vulnerability_Database> (NVD)
>>> is the U.S. government content repository for SCAP. An example of an
>>> implementation of SCAP is OpenSCAP
>>> <https://en.m.wikipedia.org/w/index.php?title=OpenSCAP&action=edit&redlink=1>
>>> .
>>> --
>>>
>>> Sherif Mansour
>>> OWASP Global Board Member & OWASP London Chapter Leader
>>> Site: https://www.owasp.org/index.php/London
>>> Email: sherif.mansour at owasp.org
>>> Follow OWASP London Chapter on Twitter: @owasplondon  <https://twitter.com/OWASPLondon>
>>> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
>>> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>>>
>>> Consider giving back, and supporting the open source community by
>>> becoming a member <https://www.owasp.org/index.php/Membership> or
>>> making a donation <https://www.owasp.org/index.php/Donate> today!
>>>
>>>
>>> Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October
>>> in San Jose, CA!
>>>
>> _______________________________________________
>>> Owasp-chapters mailing list
>>> Owasp-chapters at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-chapters
>>>
>> --
>
> Sherif Mansour
> OWASP Global Board Member & OWASP London Chapter Leader
> Site: https://www.owasp.org/index.php/London
> Email: sherif.mansour at owasp.org
> Follow OWASP London Chapter on Twitter: @owasplondon  <https://twitter.com/OWASPLondon>
> "Like" us on Facebook: https://www.facebook.com/OWASPLondon
> Subscribe to our (lightweight) mailing list: https://lists.owasp.org/mailman/listinfo/owasp-london
>
> Consider giving back, and supporting the open source community by becoming
> a member <https://www.owasp.org/index.php/Membership> or making a donation
> <https://www.owasp.org/index.php/Donate> today!
>
>
> Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
> San Jose, CA!
>
-- 

Sherif Mansour
OWASP Global Board Member & OWASP London Chapter Leader
Site: https://www.owasp.org/index.php/London
Email: sherif.mansour at owasp.org
Follow OWASP London Chapter on Twitter: @owasplondon
<https://twitter.com/OWASPLondon>
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Subscribe to our (lightweight) mailing list:
https://lists.owasp.org/mailman/listinfo/owasp-london

Consider giving back, and supporting the open source community by becoming
a member <https://www.owasp.org/index.php/Membership> or making a donation
<https://www.owasp.org/index.php/Donate> today!


Join us at AppSec USA 2018 <https://2018.appsecusa.org/> 8-12 October in
San Jose, CA!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-chapters/attachments/20181002/4bce58fa/attachment-0001.html>


More information about the Owasp-chapters mailing list