Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Using DITA to Create Security Configuration Checklists



Joshua Lubell


Many software tools use security configuration checklists expressed in the Extensible Configuration Checklist Description Format (XCCDF) to monitor computers and other information technology products for compliance with security policies. But XCCDF syntax is checklist author-unfriendly. And complex relationships and dependencies between and among checklist rules, checking instructions, and software platforms make it difficult to reuse or repurpose existing XCCDF content in new checklists. The Darwin Information Typing Architecture (DITA) can tame XCCDF syntax and facilitate content management and reuse. A case study comparing the use of specialization and other DITA features with a currently- deployed ad hoc XCCDF authoring system demonstrates the DITA approach's advantages.
Proceedings Title
Balisage Series on Markup Technologies
Conference Dates
August 1-4, 2017
Conference Location
Washington, DC
Conference Title
Balisage: The Markup Conference


Security Content Automation Protocol, SCAP, Darwin Information Typing Architecture, DITA, SCAP Security Guide, specialization, XCCDF, platform fragmentation


Lubell, J. (2017), Using DITA to Create Security Configuration Checklists, Balisage Series on Markup Technologies, Washington, DC, [online], (Accessed May 21, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created July 31, 2017, Updated November 10, 2018