Secure Elements today announced that they will begin offering hands-on training courses regarding authoring and use of the Open Vulnerability Assessment Language (OVAL) and the eXtensible Configuration Checklist Description Format (XCCDF) for individuals and organizations interested in authoring documents for IS Audit evaluations and vulnerability assessments. As the world’s first enterprise software vendor to support these standards, and seasoned authors of their own content that are active contributors to the NIST Security Content Automation Program (SCAP), they will provide unique insights, tips, strategies, and lessons learned that are not available elsewhere.
The training courses are targeted to address the need for individuals tasked to author, test, evaluate, or otherwise develop applications and systems that leverage these document formats. In order to accommodate demand from a wide variety of industry participants, classes will be provided both at the Secure Elements training facility in Herndon, Virginia or at a customer’s facility. Trainers with security clearances are available.
“It became apparent in the last few months – after sponsoring free workshops for industry and government participants – that there is an unmet need for this training,” said Scott Armstrong, VP of Marketing and Alliances of Secure Elements. “There is a tremendous need throughout the community to have practical, hands on, learning experience with the authoring and development of content with these standards. As the standard methodology for measuring and benchmarking audits of security configurations and IS controls – these are the standards that enterprises and public sector organizations will be measured by for regulatory compliance.”
Additionally, Secure Elements is offering authoring services to vendors and organizations that would benefit by having security checklists for their products and applications available as part of NIST’s Security Content Automation Program or for other uses.
“XML, OVAL, and XCCDF represent a complex semantic landscape and even though they are mapped very well, some organizations prefer or need a guide to help them navigate,” said Andrew Bove, CTO of Secure Elements. “For organizations that desire to “jump start” their efforts, or for which the required skill sets may not be their core competency, we’re here to help.”
Individuals and organizations are encouraged to visit Secure Elements at the RSA Conference 2007 Innovation Station, Booth #1338, at San Francisco’s Moscone Center February 6, 7, and 8th. Product demonstrations of the C5 Compliance Platform will also be available at the booth.