Editor
Michael Hammond
Category
Offensive Security
Date
April 26, 2025

In June 2017, the National Institute of Standards and Technology (NIST) released the overview volume of NIST Interagency Report (NISTIR) 8011, “Automation Support for Security Assessments”.

Organizations looking to move from reactive IT security to a more mature, refined approach may consider putting in the effort necessary to automate assessment. Assessing information security controls more frequently produces a near real-time view of the environment and of the overall security posture, which gives management the right information at the right time to make more informed decisions. The NISTIR 8011 documents provide an approach for automating the assessment of security controls in systems and organizations. NIST intends to release 13 volumes, logically grouped, to help facilitate automating the assessment of these controls.

  • Volume 1 Overview
  • Volume 2 Hardware Asset Management
  • Volume 3 Software Asset Management
  • Volume 4 Configuration Settings Management
  • Volume 5 Vulnerability Management
  • Volume 6 Boundary Management (Physical, Filters, and Other Boundaries)
  • Volume 7 Trust Management
  • Volume 8 Security-Related Behavior Management
  • Volume 9 Credentials and Authentication Management
  • Volume 10 Privilege and Account Management
  • Volume 11 Event (Incident and Contingency) Preparation Management
  • Volume 12 Anomalous Event Detection Management
  • Volume 13 Anomalous Event Response and Recovery Management

To begin the process of automation, one key requirement for automating security control assessments, and nearly all automation, is that the data must be machine readable. The inputs to any automation must be in a format where computers can read, process, and output the data without human interaction. Examples of machine-readable inputs include network scans that identify serial numbers for hardware and software assets; password policies for configuration settings; or the list of patches applied to servers for vulnerability management. The first two NIST guides, at 93 and 155 pages respectively, can be an invaluable source for advancing your organization's security posture. The PDF volumes can be found on the NIST website at http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-8011
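To make the machine-readability point concrete, here is an added example (not code from the post, from OCD Tech, or from NIST) of the kind of assessment loop the three inputs above feed. The scan results, configuration export and patch feed are constructed sample data in assumed formats; the authorized serial list, password policy bounds and required patch list are hypothetical desired-state values. Each check maps to one of the NISTIR 8011 volumes named above, and the output is emitted as JSON so the result is itself machine readable for whatever consumes it next.

```python
"""Minimal automated control assessment: desired state vs. actual state.

Added example with constructed data. Formats for the three inputs are
assumptions; they stand in for whatever an inventory scanner, a
configuration export tool, or a patch-management feed actually produces.
"""
import json
from dataclasses import asdict, dataclass

# --- Constructed "actual state" inputs (machine-readable, no human parsing needed) ---
HARDWARE_SCAN = [  # assumed shape: one record per device seen on the network
    {"serial": "SN-1001", "host": "srv-01"},
    {"serial": "SN-1002", "host": "srv-02"},
    {"serial": "SN-9999", "host": "unknown-laptop"},
]
CONFIG_EXPORT = {  # assumed shape: setting name -> exported value
    "password_min_length": 10,
    "password_max_age_days": 120,
    # note: "lockout_threshold" is deliberately absent to exercise that edge case
}
PATCH_FEED = {  # assumed shape: host -> list of patch identifiers installed
    "srv-01": ["KB-A", "KB-B", "KB-C"],
    "srv-02": ["KB-A"],
    # note: "srv-03" is deliberately absent from the feed
}

# --- Hypothetical "desired state" the checks compare against ---
AUTHORIZED_SERIALS = {"SN-1001", "SN-1002", "SN-1003"}
PASSWORD_POLICY = {
    "password_min_length": {"min": 14},
    "password_max_age_days": {"max": 90},
    "lockout_threshold": {"min": 1, "max": 10},
}
REQUIRED_PATCHES = {
    "srv-01": ["KB-A", "KB-B", "KB-C"],
    "srv-02": ["KB-A", "KB-B"],
    "srv-03": ["KB-A"],
}


@dataclass(frozen=True)
class Finding:
    volume: str   # NISTIR 8011 volume the check maps to
    subject: str  # serial number, setting name, or host
    detail: str


def assess_hardware(scan: list[dict], authorized: set[str]) -> list[Finding]:
    """Volume 2: devices seen but not authorized, and authorized devices not seen."""
    vol = "2 Hardware Asset Management"
    seen = {device["serial"] for device in scan}
    findings = [Finding(vol, d["serial"], f"unauthorized device reported by {d['host']}")
                for d in scan if d["serial"] not in authorized]
    findings += [Finding(vol, serial, "authorized device not seen in scan")
                 for serial in sorted(authorized - seen)]
    return findings


def assess_config(actual: dict, policy: dict) -> list[Finding]:
    """Volume 4: each setting must fall within its min/max bounds.

    A setting the export does not report at all is reported as a finding
    rather than silently skipped: absence of evidence is not a pass.
    """
    vol = "4 Configuration Settings Management"
    findings = []
    for name, bounds in policy.items():
        if name not in actual:
            findings.append(Finding(vol, name, "setting not present in export"))
            continue
        value = actual[name]
        if "min" in bounds and value < bounds["min"]:
            findings.append(Finding(vol, name, f"{value} below minimum {bounds['min']}"))
        if "max" in bounds and value > bounds["max"]:
            findings.append(Finding(vol, name, f"{value} above maximum {bounds['max']}"))
    return findings


def assess_patches(feed: dict, required: dict) -> list[Finding]:
    """Volume 5: required patches each host lacks; hosts missing from the feed are flagged."""
    vol = "5 Vulnerability Management"
    findings = []
    for host, patches in required.items():
        if host not in feed:
            findings.append(Finding(vol, host, "host not present in patch feed"))
            continue
        for patch in sorted(set(patches) - set(feed[host])):
            findings.append(Finding(vol, host, f"missing patch {patch}"))
    return findings


def run_assessment(scan=HARDWARE_SCAN, config=CONFIG_EXPORT, feed=PATCH_FEED) -> list[Finding]:
    """Run all three checks against the supplied actual-state inputs."""
    return (assess_hardware(scan, AUTHORIZED_SERIALS)
            + assess_config(config, PASSWORD_POLICY)
            + assess_patches(feed, REQUIRED_PATCHES))


def report(findings: list[Finding]) -> str:
    """Serialize findings as JSON so the output is machine readable for the next stage."""
    return json.dumps([asdict(f) for f in findings], indent=2)


if __name__ == "__main__":
    print(report(run_assessment()))
```

Run as-is it reports seven findings across the three volumes; swapping in a clean patch feed drops the count without any code change, which is the property that lets the same checks run on every scan cycle instead of once per audit.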

Can Automating Your Security Assessments Be the Key to Increased Security?
By Michael Hammond, June 30, 2017

