The information security industry is in the midst of a sea change fostering radical improvements in enterprise security.  This session explores the variety of technical and procedural changes that are producing standards-based solutions for vulnerability, configuration, inventory and patch management.   Standards-based  solutions for vulnerability, configuration, inventory and patch management are discussed, as are the standards-based directives and publicly available content from the industry and government through the OMB's FDCC, SCAP and FISMA updates, along with industry's PCI, CWE Top 25 Consensus Audit Guide.