Beginning with the January 2018 Quarterly Release, DISA will publish updated benchmarks using the Security Content Automation Protocol, version 1.2. Migration to the SCAP 1.2 standard started with the recent release of the Windows Server 2016 Benchmark and will continue with the forthcoming release of the Red Hat Enterprise Linux 7 Benchmark. SCAP 1.2 introduces new capabilities for automated assessments through its updated component languages, providing more flexibility in developing new content. Some of these capabilities, listed below, may be utilized in future DISA Benchmark updates or new releases. The Open Vulnerability and Assessment Language, version 5.10, adds support for Windows PowerShell cmdlets, shared resource effective rights tests, and shared resource audited permissions tests.
OVAL 5.10 improves support for Linux RPM verification. OVAL 5.10 also adds last-logon checks to Windows and UNIX/Linux checks. The Common Platform Enumeration, version 2.3, includes an applicability language that gives the benchmark the ability to determine whether a particular STIG Rule applies to the system being evaluated. This facility has allowed the Windows Server 2016 Benchmark to be published as a single benchmark, with domain-controller and member-server checks being evaluated only as necessary. DISA continues validation testing of SCAP 1.2 content with recent versions of HBSS/ePO/Policy Auditor, SPAWAR SCC, and ACAS.
Though the content will be published as a ZIP file, ePO requires that the contents of the ZIP be extracted and then imported, rather than the ZIP file itself. As SCAP 1.2 releases of benchmarks are posted, previous SCAP 1.1 releases will be removed from IASE. To prepare for SCAP 1.2 content, please ensure your organization is using the current STIG tools and automation content available from IASE..
Content Marketing, Automation and the Stages of Your Sales Funnel: An Introduction
Three of the most powerful weapons in modern B2B marketing’s arsenal are marketing automation, testing and optimization, and content marketing. Marketing automation and the ability to affordably test your brand messaging have reinvented B2B email marketing and the marketing funnel as we know it, but without killer content, marketing automation is a useless endeavor. Understand how content fuels your marketing automation funnel to capture more leads, improve conversion rates, create repeat customers and enhance the purchasing experience. Marketing automation transformed B2B marketing by enabling businesses, especially small and midsize businesses, to reach more people in a cost-effective, competitive manner. Marketing automation allows small and midsize businesses with fewer resources to set up automated campaigns, nurture sequences and repeat tasks that can move prospects through the marketing funnel.
In the bottom of the funnel we find content that includes case studies, product sheets and more testimonials. In the middle of the funnel, it’s OK to offer consumers the option of either more MOFU content or a BOFU offer that can lead to a sale or sales contact. Successful content creators approach the creation of content with an understanding of how it works within the funnel as a whole. Uniformity of messaging across all levels of the funnel binds your content and creates a more cohesive, consistent and recognizable brand presence. A survey by the Lenskold and Pedowitz groups found companies that adopt marketing automation are 45 percent more likely to repurpose content for efficiency than companies that don’t.
The value to business is that once you set up your campaigns, marketing automation leads potential consumers through the funnel for you, automatically. Our latest whitepaper explains which types of content to use at the various stages of the funnel and how to use content in various types of automated marketing campaigns.
CHIPS Articles: NIST Publishes Version 1.3 of the Security Content Automation Protocol
The Security Content Automation Protocol is a suite of specifications that standardize the format and nomenclature by which software flaws and security configuration information is communicated to both machines and humans. SCAP is a multi-purpose framework of specifications that support automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement. Goals for the development of SCAP include standardizing system security management, promoting interoperability of security products, and fostering the use of standard expressions of security content, according to a National Institute of Standards and Technology release. These two publications and a set of associated schemas collectively define the technical specification for SCAP version 1.3, which is based on enhancements and clarifications to the SCAP 1.2 specification. SP 800-126A is a new publication that allows SCAP 1.3 to take advantage of particular minor version updates to SCAP component specifications, as well as particular Open Vulnerability and Assessment Language core schema and platform schema versions.
SCAP is a synthesis of interoperable specifications derived from community ideas. Community participation is invaluable for SCAP because the security automation community ensures the broadest possible range of use cases reflected in SCAP functionality. NIST’s security automation agenda is broader than the vulnerability management application of SCAP. Many different security activities and disciplines can benefit from standardized expression and reporting. NIST envisions further expansion in compliance, remediation, and network monitoring, and encourages your contribution relative to these and additional disciplines.
NIST is also working on this expansion plan, so please communicate with the SCAP team early and often to ensure proper coordination of efforts.