Balisage Paper: Using DITA to Create Security Configuration Checklists
A Case Study
August 1 - 4, 2017
The materials listed below were provided by the speaker as supplements to a presentation at Balisage. These materials may include the slides or visuals used in the presentation; supplementary material, such as code samples or a demonstration application; and/or the paper accompanying the presentation (if it has not been provided in XML). These materials have been zipped for easy download and are identified by a brief description of the contents. The materials themselves are untouched, that is, they have not been tested or edited by Balisage: The Markup Conference or by Mulberry Technologies, Inc. As such, they are included on this website AS IS, i.e., as provided by the speaker, with no warranties, express or otherwise, made by Balisage or Mulberry.
Slides and Materials
- Bal2017lube0408-slides.zip: Presentation slides in Adobe PDF
References
Center for Internet Security. CIS Red Hat Enterprise Linux 7 Benchmark v2.1.0 (2016). https://benchmarks.cisecurity.org [Prose documentation, XCCDF, and OVAL available to CIS members]
DITA Open Toolkit. http://www.dita-ot.org
T. Hedberg, J. Lubell, L. Fischer, L. Maggiano, and A. Barnard Feeney. Testing the Digital Thread in Support of Model-Based Manufacturing and Inspection. Journal of Computing and Information Science in Engineering. vol. 16(2) (2016). doi:https://doi.org/10.1115/1.4032697
V.C. Hu, D.R. Kuhn, T. Xie, and J. Hwang. Model Checking for Verification of Mandatory Access Control Models and Properties. International Journal of Software Engineering and Knowledge Engineering. vol. 21(1). pp. 103–127 (2011). doi:https://doi.org/10.1142/S021819401100513X
E. Kimber. DITA for Practitioners Volume 1: Architecture and Technology. XML Press (2012). [Configuration and Specialization tutorials online at http://www.xiruss.org/tutorials/dita-specialization]
S. Krima and J. Lubell. Flat Versus Hierarchical Information Models in PLM Standardization Frameworks. In Product Lifecycle Management for Digital Transformation of Industries: 13th IFIP WG 5.1 International Conference, PLM 2016, Columbia, SC, USA, July 11-13, 2016, Revised Selected Papers. R. Harik, L. Rivest, A. Bernard, B. Eynard, and A. Bouras, Eds. Cham: Springer International Publishing. pp. 121–133 (2016). doi:https://doi.org/10.1007/978-3-319-54660-5_12
J. Lubell. Extending the Cybersecurity Digital Thread with XForms. In Proceedings of Balisage: The Markup Conference 2015. Balisage Series on Markup Technologies, vol. 15 (2015). doi:https://doi.org/10.4242/BalisageVol15.Lubell01
J. Lubell and T. Zimmerman. The Challenge of Automating Security Configuration Checklists in Manufacturing Environments. In Critical Infrastructure Protection XI. M. Rice and S. Shenoi, Eds. Springer Berlin Heidelberg (2017). [To appear]
Organization for the Advancement of Structured Information Standards. Darwin Information Typing Architecture (DITA) Version 1.3 Part 2: Technical Content Edition. OASIS Standard (2016). http://docs.oasis-open.org/dita/dita/v1.3/dita-v1.3-part2-tech-content.html
Organization for the Advancement of Structured Information Standards. DITA XML.org. http://dita.xml.org
OpenSCAP Portal. SCAP Security Guide. http://www.open-scap.org/security-policies/scap-security-guide
OpenSCAP Portal. SCAP Workbench. https://www.open-scap.org/tools/scap-workbench
OVAL Documentation. http://ovalproject.github.io
Oxygen XML Editor Blog. DITA Reuse Strategies (Short Tutorial describing all DITA Reuse possibilities). http://blog.oxygenxml.com/2015/11/dita-reuse-strategies-short-tutorial.html
M. Preisler. Contributing to SCAP Security Guide — Part 1. https://martin.preisler.me/2016/10/contributing-to-scap-security-guide-part-1
M. Priestley and D. A. Schell. Specialization in DITA: Technology, Process, & Policy. In Proceedings of the 20th Annual International Conference on Computer Documentation. pp. 164–176 (2002). doi:https://doi.org/10.1145/584955.584980
S. Quinn, K. Scarfone, and D. Waltermire. Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2 (Draft). NIST Special Publication 800-117 Revision 1 (2012). http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-117-Rev.%201
S. Radack and R. Kuhn. Managing Security: The Security Content Automation Protocol. IT Professional. vol. 13(1). pp. 9–11 (2011). doi:https://doi.org/10.1109/MITP.2011.11
Raspbian. https://www.raspbian.org
K. Schengili-Roberts. Don Day and Michael Priestley on the Beginnings of DITA: Part 1. http://www.ditawriter.com/don-day-and-michael-priestley-on-the-beginnings-of-dita-part-1
P. St. Pierre. Securing Linux with Mandatory Access Controls. Linux.com (2005). https://www.linux.com/news/securing-linux-mandatory-access-controls
D. Vecchiato, M. Vieira, and E. Martins. The Perils of Android Security Configuration. Computer. vol. 49(6). pp. 15–21 (2016). doi:https://doi.org/10.1109/MC.2016.184
D. Waltermire, C. Schmidt, K. Scarfone, and N. Ziring. Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2. NIST Interagency Report 7275 Revision 4 (2012). https://scap.nist.gov/specifications/xccdf
World Wide Web Consortium. Cascading Style Sheets Level 2 Revision 1 (CSS 2.1). W3C Recommendation (2011). https://www.w3.org/TR/CSS2
World Wide Web Consortium. Extensible Markup Language (XML) 1.0 (Fifth Edition). W3C Recommendation (2008). https://www.w3.org/TR/xml
World Wide Web Consortium. XSL Transformations (XSLT) Version 2.0. W3C Recommendation (2007). https://www.w3.org/TR/xslt20
XCCDF — The Extensible Configuration Checklist Description Format. https://scap.nist.gov/specifications/xccdf