Using DITA to Create Security Configuration Checklists
A Case Study
National Institute of Standards and Technology
Many software tools use security configuration checklists expressed in the Extensible Configuration Checklist Description Format (XCCDF) to monitor computers and other information technology products for compliance with security policies. But XCCDF syntax is unfriendly to checklist authors, and complex relationships and dependencies among checklist rules, checking instructions, and software platforms make it difficult to reuse or repurpose existing XCCDF content in new checklists. The Darwin Information Typing Architecture (DITA) can tame XCCDF syntax and facilitate content management and reuse. A case study comparing the use of specialization and other DITA features with a currently deployed ad hoc XCCDF authoring system demonstrates the advantages of the DITA approach.