OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] RFI CRE Common Remediation Enumeration


Jerome,

As always, thanks for sharing timely references to "our thing".  We need to leverage these standards wherever possible/practical.

Question

"CRE enables automation and enhanced correlation of enterprise remediation activities."

I'm not seeing where CRE provides the machine readable specification (or reference to same) required to perform the very specific remediation action(s) to achieve, measure, or validate the remediation objectives/outcomes.

It would seem that the reference to the OVRL specification or some other reference that leads one to the specific OVRL  The only specific external reference I see is the CPE (Common Platform Enumeration)?  

...What am I missing?


@All:  (1) I like the Use Case formats of the NIST documents.  It would be great if we could adopt same or something similar to map to these existing body of work.  (2) Why reinvent taxonomies, descriptions, etc. where substantive instantiations of same (i.e., CCE, CVE, CPE)  already exist?

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

_____________________________
From: Jerome Athias <athiasjerome@gmail.com>
Sent: Thursday, November 5, 2015 8:15 AM
Subject: [cti] RFI CRE Common Remediation Enumeration
To: <cti@lists.oasis-open.org>


Hi

Any info regarding CRE?
http://scap.nist.gov/specifications/cre/

Thank you




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]