This is intended to be a reference ONLY!
Plugins provided by Defense Asset Distribution Systems (DADS)
IAVM employs positive control mechanisms to mitigate potentially critical software vulnerabilities, through the rapid development and dissemination of actions to all Combatant Commands/Services/Agencies/Field Activities (CC/S/A/FAs).
Updated Every Thursday
The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack.
CVE was launched in 1999 when most information security tools used their own databases with their own names for security vulnerabilities.
At that time there was no significant variation among products and no easy way to determine when the different databases were referring to the same problem.
The consequences were potential gaps in security coverage and no effective interoperability among the disparate databases and tools.
In addition, each tool vendor used different metrics to state the number of vulnerabilities or exposures they detected, which meant there was no standardized basis for evaluation among the tools.
CVE's common, standardized identifiers provided the solution to these problems.
CVE is now the industry standard for vulnerability and exposure names. CVE Identifiers - also called "CVE names," "CVE numbers," "CVE-IDs," and "CVEs" - provide reference points for data exchange so that information security products and services can speak with each other. CVE Identifiers also provides a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization's needs. In short, products and services compatible with CVE provide better coverage, easier interoperability, and enhanced security.
Useful resources provided by Microsoft
The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality.
The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance to multiple IA compliance frameworks. CCI also provides a means to objectively rollup and compare related compliance assessment results across disparate technologies.
Updated Periodically
CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.
Updated Frequently
The Common Weakness Enumeration (CWE™) is a list of software weaknesses. Creating the list is a community initiative. Together, these organizations and any others that wish to join the effort, are creating specific and succinct definitions for each of the elements in the CWE List. By leveraging the widest possible group of interests and talents we hope to ensure that the CWE elements are adequately described and differentiated. We continually will work to capture the specific effects, behaviors, exploit mechanisms, and implementation details in the CWE dictionary as well as to review and revise the presentation approaches to provide those that best suit the community using this information.
Updated Frequently
CCE provides unique identifiers to system configuration issues in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. For example, CCE Identifiers can be used to associate checks in configuration assessment tools with statements in configuration best-practice
Flash
Adobe Flash (formerly called Macromedia Flash and Shockwave Flash) is a multimedia and software platform used for creating vector graphics, animation, browser games, rich Internet applications, desktop applications, mobile applications and mobile games. Flash displays text, vector and raster graphics to provide animations, video games and applications. It allows streaming of audio and video, and can capture mouse, keyboard, microphone and camera input.
Flash graphics and animation is designed using the Flash editor, and may be viewed by end-users using Flash Player (for web browsers), AIR (for desktop or mobile apps) or third-party players such as Scaleform GFx (for video games). Adobe Flash Player enables end-users to view Flash content using web browsers, and is supported on Microsoft Windows, Mac OS X and Linux. Adobe Flash Lite enabled viewing Flash content on older smartphones, but has been discontinued and superseded by Adobe AIR.
The ActionScript programming language allows creation of interactive animations, video games, web applications, desktop applications and mobile applications. Flash software can be developed using an IDE such as Adobe Flash Professional, Adobe Flash Builder, FlashDevelop and Powerflasher FDT. Adobe AIR enables full-featured desktop and mobile applications to be developed with Flash, and published for Microsoft Windows, Mac OS X, Google Android, and iOS.
Flash is frequently used to display streaming video, advertisement and interactive multimedia content on web pages and Flash-enabled software. However, after the 2000s, the usage of Flash on Web sites has declined,[1] and as of 2015, Flash is primarily used to build video games for mobile devices with Adobe AIR.
Reader
Adobe Acrobat Reader DC software is the free, trusted standard for viewing, printing, signing, and annotating PDFs. It's the only PDF viewer that can open and interact with all types of PDF content - including forms and multimedia. It's connected to Adobe Document Cloud – so you can work with PDFs on computers and mobile devices.
Java
Java allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few. It's also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing.
The "offline" versions are full packages.
Firefox
FireFox allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few. It's also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing.
The "offline" versions are full packages.
PuTTY
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. It is written and maintained primarily by Simon Tatham.
Chrome
Google Chrome is a fast, free web browser.
PKI/PKE Document Library (Public)
Edge Browser (Chromium)
Get the latest Microsoft Edge update for your business, school, or organization with multi-platform support in over 90 languages.
Malware Protection Engine
Microsoft continually updates security intelligence in antimalware products to cover the latest threats and to constantly tweak detection logic, enhancing the ability of Windows Defender Antivirus and other Microsoft antimalware solutions to accurately identify threats. This security intelligence works directly with cloud-based protection to deliver fast and powerful AI-enhanced, next-generation protection.
Windows Malicious Software Removal Tool
Microsoft continually updates security intelligence in antimalware products to cover the latest threats and to constantly tweak detection logic, enhancing the ability of Windows Defender Antivirus and other Microsoft antimalware solutions to accurately identify threats. This security intelligence works directly with cloud-based protection to deliver fast and powerful AI-enhanced, next-generation protection.
Current Month Releases