National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

CyberScope (DRAFT)

The Department of Homeland Security in conjunction with the Department of Justice is developing an application, CyberScope, to handle manual and automated inputs of agency data for FISMA reporting. NIST has been collaborating with the CyberScope effort to provide data models that use the underlying SCAP primitives (CVE, CCE, CPE) to produce data feeds directly from security management tools that can be submitted to the CyberScope application.

The following resources are available to support implementation of the reporting data models:

(DRAFT) Asset Identification (AI) Schema:
1.0.0 Early Access Release 1 XML Schema
(DRAFT) Asset Reporting Format (ARF) Schema:
1.0.0 Early Access Release 1 XML Schema
(DRAFT) Lightweight Asset Summary Results Schema (LASR):
1.0.0 Early Access Release 1 XML Schema
(DRAFT) Sample Report:
CyberScope Auto Feed Example
(DRAFT) Report Validation:
1.0.0 Early Access Release 1 Schematron Stylesheet (Checks Wellformed-ness of the report)