National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

6th Annual IT Security Automation Conference and Expo Presentations

Day 1 (09/27/2010)

  • General
  • Automation Specifications
  • FDCC/USGCB
  • Software Assurance
  • SCAP 101 Tutorial
  • Automation Content Tutorial

Day 2 (09/28/2010)

  • General
  • Automation Specifications
  • Network Automation
  • Innovative Uses of SCAP
  • Security Management and Compliance Automation
  • Security Automation for Cloud Computing

Day 3 (09/29/2010)

  • General
  • SCAP Workshop
  • EMAP Workshop
  • Remediation Workshop
  • SCAP Product Validation Workshop
  • Continuous Monitoring Workshop

Day 1 (09/27/2010)

General
Presenter(s) Presentation
Welcome Address
Honorable Howard A. Schmidt, White House Cybersecurity Coordinator Keynote Address
Phil Reitinger, Deputy Undersecretary (DHS) Keynote Address
Track Lead Address
Automation Specifications
Presenter(s) Presentation
Paul Cichonski (BAH) Automation Specifications Overview
Chris Johnson (NIST) Enterprise Remediation Automation
William Heinbockel (MITRE) CEE
George Saylor (G2) The Use of Rules in EMAP
John Wunder (MITRE), Adam Halbardier (BAH) ARF
Tim Keanini (moderator) (nCircle), Luis Nunez (Cisco), Kent Landfield (McAfee), John Bordwine (Symantec), Jeff Spitulnik (IBM), Todd Dolinsky (HP) Vendor Interoperability Panel
FDCC/USGCB
Presenter(s) Presentation
William Corrington (Dept. of the Interior) Evolution of the USGCB
Kurt Dillard (G2) Overcoming Technical Challenges in the Windows Baselines
Shelly Bird (Microsoft) Lessons Learned from Our FDCC Customers: Unmanaged to Managed
Kent Landfield (McAfee) Moving Baselines Forward
Scott Armstrong (Symantec), Tony Uceda-Velez (Symantec) Lessons Learned Using SCAP Tools
Steve Grubb (Red Hat) Understanding the Red Hat Enterprise Linux Baseline Settings
Software Assurance
Presenter(s) Presentation
Joe Jarzombek (DHS), Don Davidson (DoD), Dan Schmidt (NSA), Tim Grance (NIST), Bob Martin (MITRE)
Bob Martin (MITRE) Knowing Your Weaknesses: CWE™
Steve Christey (MITRE) Ranking Your Weaknesses: CWSS™
Sean Barnum (MITRE) Understanding How They Attack Your Weaknesses: CAPEC™
Penny Chase (MITRE) Sharing Understanding of Malware: MAEC™
Steve Quinn (NIST), Joe Jarzombek (DHS), Dan Schmidt (NSA) CwA Panel on a Software Assurance Automation Protocol (SwAAP)
SCAP 101 Tutorial
Presenter(s) Presentation
Karen Scarfone (G2) SCAP Overview (NIST 800-126 & 800-117)
Bryan Worrell (MITRE) XCCDF Tutorial
Matt Hansbury (MITRE) OVAL® Tutorial
Dave Mann (MITRE) Standards Development Toolkit
Dave Mann (MITRE)
Steve Christey (MITRE) CVE® & CVSS
Automation Content Tutorial
Presenter(s) Presentation
Kent Landfield (McAfee) Innovating SCAP
Tina Ackerman (NSA) Easily Create SCAP Content Using the MACE Wizard
Harold Booth (NIST) SCAP Content Validation Tool
Bryan Worrell (MITRE) Recommendation Tracker
Peter Parker (G2) SCAP Content Creation Solutions Using the eSCAPe Editor and Libraries
Jim Shelton (NSA), Mike Kinney (NSA), Dave Hoon (DISA)

Day 2 (09/28/2010)

General
Presenter(s) Presentation
Stephen Pawlowski, Senior Fellow and CTO for the Intel Architecture Group (Intel Corporation) Keynote Address - Bringing the Trust Back into Cyber Space
Tony Sager, Chief of the Vulnerability Analysis and Operations Group (NSA) NSA Address - Security Automation: The Trail Ahead
Tim Grance, Program Manager, Cyber & Network Security Program (NIST) NIST Address - NIST Security Automation
Automation Specifications
Presenter(s) Presentation
Charles Schmidt (MITRE) XCCDF
Brant Cheikes (MITRE) CPE™
Jon Baker (MITRE) OVAL®
Maria Casipe (MITRE) OCIL
Charles Wergin (BAH), Harold Owen (G2) National Checklist Program Submission Interface
Network Automation
Presenter(s) Presentation
Robert Hollis (ThreatGuard), Chris Farrow (VMWare) Extending SCAP into the VMWare Virtual Infrastructure
Doug Dexter (Cisco) Automated Network Security Assessment
Steve Hanna (Juniper Networks) TNC: Open Standards for Network Security Automation
Matt Webster (Lumeta) Security Coordination with IF-MAP
Dr. Bruce Gabrielson (BAH) Progress in Near-Real Time Attack Detection At the Platform Level
Innovative Uses of SCAP
Presenter(s) Presentation
Michael Tan (Microsoft) Security Compliance Manager
Tom Grill (VeriSign), Paul Sand (Salare Security) SCAP for VoIP
Kim Watson (NSA), Dr. George Moore (Dept. of State) Role of SCAP in an Emerging Strategy for Continuous Certification and Accreditation
Peter Guerra (G2), Shane Shaffer (G2) Automated Creation of SCAP Content
Jack Vander Pol (SPAWAR), Kyle Stone (SPAWAR) Developing a Government-Funded SCAP-Validated Application
Jim Ivers (Triumfant) Leveraging SCAP for TNC, Endpoint Sensor Grid and Automated Remediation
Security Management and Compliance Automation
Presenter(s) Presentation
Mischel Kwon (RSA) IT Security: Tying the Pieces Together
Alfredo Rohweder FISMA & Security_Automation
Davd Houlding (Intel Health) Client Technologies that Help Assist with Security and Privacy Regulation Compliance
Peter Mell (moderator), COL Michael Jones (HQDA), John Streufert (Dept. of State), Tim McBride (DHS) Continuous Monitoring Panel
Cyber Dashboard Overview
CAESARS Reference Architecture
Kelley Dempsey (NIST) Security Configuration Management
Earnest Neal (Atlantic Systems Group, Inc.), Dirk Barrineau (VA) FISMA Automation in a Global Enterprise
Security Automation for Cloud Computing
Presenter(s) Presentation
Peter Mell (NIST), Dennis Moreau (RSA)
Neil Ziring (moderator) (NSA), Mischel Kwon (RSA), Steve Orrin (Intel), Jen Nowell (Symantec), Gregg Brown (Microsoft) Security Automation in Private Clouds Panel
Peter Mell (NIST), Christopher Hoff (Cisco), Kent Landfield (McAfee), Duncan Hays (IRS) Continuous Monitoring for Cloud Panel
Kent Landfield (McAfee) Continuous Monitoring in a Cloud Environment
Ron Knode (CSC) CloudTrust 2.0
Steve Orrin (Intel) Creating Trustworthy Cloud Systems
Rob Roy (Fortify) The Need for Software Security Assurance to Secure Mission Critical Applications in the Federal Cloud
Lee Badger (NIST), Chris Johnson (NIST) Standards to Acceleration to Jumpstart Adoption of Cloud Computing

Day 3 (09/29/2010)

General
Presenter(s) Presentation
General Session Panel/Discussion
SCAP Workshop
Presenter(s) Presentation
Charles Schmidt (MITRE) XCCDF
Charles Schmidt (MITRE) XCCDF Discussion Topics
Harold Booth (NIST) Vulnerability Data Model
Jon Baker (MITRE) OVAL® Future Considerations
John Wunder (MITRE), Adam Halbardier (BAH) ARF
EMAP Workshop
Presenter(s) Presentation
EMAP Status Update
OEEL Engineering Session
CERE Engineering Session
Emerging Topics
Remediation Workshop
Presenter(s) Presentation
Chris Johnson (moderator) (NIST) Common Remediation Enumeration (CRE) and Extended Remedation Information (ERI)
Matthew Wojcik (moderator) (MITRE) Remedation Policy
Matthew Wojcik (moderator) (MITRE) Remedation Tasking
Matt Kerr (moderator) (G2) Remedation Language
Karl MacMillan (Tresys Technology) Secstate: Flexible Lockdown, Auditing, and Remediation
SCAP Product Validation Workshop
Presenter(s) Presentation
John Banghart SCAP Validation
Continuous Monitoring Workshop
Presenter(s) Presentation
Peter Mell (NIST), Harold Booth (NIST), Dave Waltermire (NIST) Technical Foundations for Continuous Security Monitoring
Peter Mell (moderator) (NIST), Kim Watson (NSA), Ron Gula (Tenable), Duncan Hays (IRS), Randy Barr (Qualys) CM Technical Design Panel
David Waltermire (NIST), Matt Coose (DHS) Identifying Continuous Monitoring Measures