Lubell, J.
(2017),
Using DITA to Create Security Configuration Checklists, Balisage Series on Markup Technologies, Washington, DC, [online], https://doi.org/10.4242/BalisageVol19.Lubell01
(Accessed May 9, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Using DITA to Create Security Configuration Checklists
Published
Author(s)
Abstract
Many software tools use security configuration checklists expressed in the Extensible Configuration Checklist Description Format (XCCDF) to monitor computers and other information technology products for compliance with security policies. But XCCDF syntax is checklist author-unfriendly. And complex relationships and dependencies between and among checklist rules, checking instructions, and software platforms make it difficult to reuse or repurpose existing XCCDF content in new checklists. The Darwin Information Typing Architecture (DITA) can tame XCCDF syntax and facilitate content management and reuse. A case study comparing the use of specialization and other DITA features with a currently- deployed ad hoc XCCDF authoring system demonstrates the DITA approach's advantages.Proceedings Title
Balisage Series on Markup Technologies
Volume
19
Conference Dates
August 1-4, 2017
Conference Location
Washington, DC
Conference Title
Balisage: The Markup Conference
Pub Type
Conferences
Download Paper
Keywords
Security Content Automation Protocol, SCAP, Darwin Information Typing Architecture, DITA, SCAP Security Guide, specialization, XCCDF, platform fragmentation
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created July 31, 2017, Updated November 10, 2018