Data processing: measuring – calibrating – or testing – Measurement system – Statistical measurement
Reexamination Certificate
2005-05-31
2005-05-31
Wachsman, Hal D. (Department: 2857)
Data processing: measuring, calibrating, or testing
Measurement system
Statistical measurement
C702S179000
Reexamination Certificate
active
06901346
ABSTRACT:
A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method can utilize the steps of: 1) gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.
REFERENCES:
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5625751 (1997-04-01), Brandwajn et al.
patent: 5684959 (1997-11-01), Bhat et al.
patent: 5699403 (1997-12-01), Ronnen
patent: 5740248 (1998-04-01), Fieres et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5850516 (1998-12-01), Schneier
patent: 5859847 (1999-01-01), Dew et al.
patent: 5870545 (1999-02-01), Davis et al.
patent: 5892900 (1999-04-01), Ginter et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5931946 (1999-08-01), Terada et al.
patent: 6006328 (1999-12-01), Drake
patent: 6134664 (2000-10-01), Walker
patent: 6148401 (2000-11-01), Devanbu et al.
patent: 6151599 (2000-11-01), Shrader et al.
patent: 6185689 (2001-02-01), Todd et al.
patent: 6205407 (2001-03-01), Testa et al.
patent: 6219626 (2001-04-01), Steinmetz et al.
patent: 6219628 (2001-04-01), Kodosky et al.
patent: 6219805 (2001-04-01), Jones et al.
patent: 6256773 (2001-07-01), Bowman-Amuah
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6298445 (2001-10-01), Shostack et al.
patent: 6317868 (2001-11-01), Grimm et al.
patent: 6324647 (2001-11-01), Bowman-Amuah
patent: 6370573 (2002-04-01), Bowman-Amuah
patent: 6389402 (2002-05-01), Ginter et al.
patent: 6401073 (2002-06-01), Tokuda et al.
patent: 6405364 (2002-06-01), Bowman-Amuah
patent: 6408391 (2002-06-01), Huff et al.
patent: 6473794 (2002-10-01), Guheen et al.
patent: 2001/0027389 (2001-10-01), Beverina et al.
patent: 2001/0034847 (2001-10-01), Gaul, Jr.
patent: 2002/0104014 (2002-08-01), Zobel et al.
patent: 0999489 (2000-05-01), None
patent: WO 00/70463 (2000-11-01), None
patent: WO 01/37511 (2001-05-01), None
patent: WO 01/59989 (2001-08-01), None
patent: WO 0199349 (2001-12-01), None
patent: WO02/061544 (2002-08-01), None
Dennis Szerszen, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—Extending your business to the Web requires a firm understanding of directories, what they offer and the challenges you'll face in deploying them,” Apr. 2000, Part I, from http://infosecuritymag.techtarget.com/articles/april00/features4.shtml, pp. 1-4.
“DOD Information Technology Security Certification and Accreditation Process (DITSCAP),” Lesson 11, Aug. 29, 2000, from http://atzhssweb.gordon.army.mil/otd/c2protect/isso/item17.html, pp. 1-25.
The Mitre Croporation, “The Key to Information Sharing—Common Vulnerabilities & Exposures,” Aug. 17, 2000, from http://www.cve.mitre.org/about/introduction.html.
Al Berg, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—On the surface, all vulnerability assessment scanners perform essentially the same way. Here's how to decide which on-if-any-is right for your requirements,” Part 2, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/aug2000/securestrategies.htm, pp. 1-5.
Dan Swanson, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—Avoiding Is Icebergs,” Part 4, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/oct2000/icebergs.htm, pp. 1-4, Oct. 2000.
George Kurtz and Chris Prosise, “Secure Strategies—Penetration Testing Exposed,” Part 3, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/sep2000/securestrategies.htm, pp. 1-5.
Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) Application Manual, Jul. 31, 2000, DoD 8510.1-M, pp. 1-157.
Department of Defense Standard “Department of Defense Trusted Computer System Evaluation Criteria,” Dec. 26, 1985, DOD 5200.28-STD (Supersedes CSC-STD-001-83, dtd Aug. 15, 1983, Library No. S225,711), pp. 1-71.
Apr. 11, 2002. International Preliminary Examination Report from PCT/US00/09842 (note that all references were cited previously in IDS submissions on Jul. 29, 2002 and Nov. 12, 2002).
Polk, W. T. Dec. 1992. “Automated Tools for Testing computer system vulnerability (Abstract).” National Institute of Standards & Technology, Washington, DC.
Hochberg, Judith, Kathleen Jackson, Cathy Stallings, J.F. McClary, David Dubois, and Josephine Ford. May 3, 1993. “NADIR: An automated system for detecting network intrusion and misuse (Abstract).” Computers & Security, vol. 12, No. 3.
Dec. 26, 1985. “Department of Defense Trusted Computer System Evaluation Criteria.” DoD 5200.28-STD.
Jul. 31, 2000. “Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP): Application Manual.” DoD 8510.1-M.
Baskerville, Richard. Dec. 4, 1993. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys, vol. 25, No. 4, pp. 375-414.
Zhou, Qin, J. Davidson, and A.A. Fouad. Feb. 1994. “Application of artificial neural networks in power system security and vulnerability assessment (Abstract only).” IEEE Transactions on Power Systems, vol. 9, No. 1.
Jackson, K. A., J. G. Hochberg, S. K. Wilhelmy, J. F. McClary, and G. G. Christoph. May 3-5, 1994. “Management issues in automated audit analysis (Abstract only).” Los Alamos National Lab, Department of Energy computer security group training conference. Denver, Colorado.
Jackson, K. A., M. C. Neuman, D. D. Simmonds, C. A. Stallings, and J. L. Thompson. May 1-4, 1995. “Misuse and intrusion detection at Los Alamos National Laboratory (Abstract only).” Department of Energy computer security group training conference (17th). Milwaukee, Wisconsin.
Casella. K. A. Sep 17-22, 1995. “Security administration in an open networking environment (Abstract only).” Proceedings of the Ninth Systems Adminstration Conference, Monterey, California.
Doty, T. Fall 1995. “Test Driving Satan (Abstract only).” Computer Security Journal, vol. 11, No. 2.
Karygiannis, T. Mar. 23-25, 1998. “Network security testing using mobile agents (Abstract only).” Proceedings of the Third International Conference on the Practical Application of Intelligent Agents and a Multi-Agent Technology, London, United Kingdom.
Gimble, T. F., M. F. Ugone, C. A. Miggisn, D. L. Dixon, and K. Fitzpatrick. Jun. 3, 1998. “Information Assurance for the Defense Civilian Personnel Data System—Washington, Headquartes Services (Abstract only).” Audit Report, Department of Defense, Office of the Inspector General. Washington, DC.
Swiler, L. P. and C. Phillips. Jun. 30, 1998. “Graph-based system for network-vulnerability analysis (Abstract only).” USDOE Office of Financial Management and Controller. Washington DC.
Rudd, Alan, Joel McFarland, and Scott Olsen. Aug. 1998. “Managing security vulnerabilities in a networked world ((Abstract only).” Journal of Digital Imaging, vol. 11, No. 3, Suppl. 1.
Mar. 1999. “DoD Information Technology Security Certificate and Accreditation Process (DITSCAP) (on CD-ROM) (Abstract only).” Defense Information Systems Agency. Arlington, Virginia.
Levine, Diane E. May 24, 1999. “CyberCop Patrols on Linux: Network Associates Scanner Detects Security, System Vulnerabilities.”InformationWeek,2 pages.
Jun. 1999. “Intrusion de
Barrett Hugh
Berman Lon J.
Catlin Gary M.
Hall, Jr. Larry L.
Smith Peter A.
Telos Corporation
Wachsman Hal D.
LandOfFree
System, method and medium for certifying and accrediting... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System, method and medium for certifying and accrediting..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System, method and medium for certifying and accrediting... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3390023