Open Cybersecurity Alliance Adds PACE Posture Assessment Project
Security practitioners will leverage PACE to evaluate their organization's overall state of cybersecurity readiness
BOSTON, MA, USA, December 9, 2021 /EINPresswire.com/ -- The Open Cybersecurity Alliance (OCA), a global, standards-based initiative to simplify integration across the threat lifecycle, announced today that it has accepted the Posture Attribute Collection and Evaluation (PACE) project contributed by the Center for Internet Security (CIS), the National Security Agency (NSA) and McAfee. PACE will focus on creating production-ready code that evaluates the posture assessment of computing resources using a communication fabric which will allow organizations to use this information in zero-trust architecture decisioning.
Based on an implementation effort from the IETF Security Automation and Continuous Monitoring (SACM) architecture, PACE will deliver community-maintained code that will arm operators with an interoperable out-of-the-box solution that monitors risk and threat exposure, reducing integration costs and redundancy while increasing resiliency. Providing comprehensive views into the endpoint, PACE will take advantage of existing standards such as SCAPv2 and leverage ongoing work in SBOM, to allow cybersecurity practitioners to fully utilize threat-informed defenses in their environment in an open and interoperable fashion.
The PACE project aligns with the OCA’s mission of integrating tools and solutions across security teams and will directly enable vendors and end users, advancing the OCA’s mission of building an open ecosystem where cybersecurity products interoperate without the need for customized integrations.
"NSA Cybersecurity is proud to have supported the development of the OASIS standard OpenC2 language for command and control, which has been included in PACE. Additionally, PACE will leverage several of the cybersecurity standardization efforts NSA has been working on with industry partners to improve the cybersecurity of National Security Systems, the Department of Defense and the Defense Industrial Base."
-- Neal Ziring, Cybersecurity Technical Director, National Security Agency
PACE joins other OCA projects that include Kestrel, the threat hunting tool, the STIX Shifter patterning library, and the OCA Ontology.
The OCA is hosted by OASIS Open, one of the most respected, international bodies in the world for open source and standards. To learn more about the OCA, or other OCA technologies that are available to help security teams connect their security tools and data, please visit: https://github.com/opencybersecurityalliance.
Quotes from OCA sponsors including: the Center for Internet Security, CyberNB, Cydarm Technologies, Cyware Labs, EclecticIQ, F5 Inc., IBM Security, McAfee, Rapid7, SAIC, sFractal Consulting, ThreatQuotient and VISUA may be found here: https://www.oasis-open.org/2021/12/09/open-cybersecurity-alliance-adds-pace-posture-assessment-project.
About the Open Cybersecurity Alliance
The Open Cybersecurity Alliance brings together vendors and end-users to create an open cybersecurity ecosystem where products can freely exchange information, insights, analytics, and orchestrated response. OCA supports commonly developed code and tooling and the use of mutually agreed upon technologies, data standards, and procedures. The OCA is governed under the auspices of OASIS Open, which offers projects a path to standardization and de jure approval for reference in international policy and procurement.
The OCA is led by these organizations committed to solving the costly problem of siloed cyber tools and products: Center for Internet Security (CIS), Copado, Cybereason, CyberNB, Cydarm, Cyware, EclecticIQ, F5 Inc., IBM Security, McAfee, Prophecy International, Rapid7, sFractal Consulting, SafeBreach, SAIC, Tenable, ThreatQuotient, TruSTAR, VISUA and VMware.
Media inquiries:
Dee Schur
OASIS Open
+1 941-321-6733
dee.schur@oasis-open.org
Visit us on social media:
Facebook
Twitter
LinkedIn
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.