Security Content Automation Protocol

Automated Vulnerability Management and Compliance

Why Evaluate
Under the sponsorship of the Department of Homeland Security, the National Institute for Standards and Technology (NIST) Computer Security Division, the Defense Information Systems Agency (DISA), the Office of the Secretary of Defense (OSD), and the National Security Agency (NSA) have partnered to establish a library of compliance automation content. These organizations have created the Information Security Automation Program (ISAP), which is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance).

As of February 1, 2008, government systems must use SCAP validated tools to report and quantify the effort of achieving agency-wide system compliance.

Why InfoGard
InfoGard is in the first group of SCAP accredited laboratories and looks forward to working with proactive vendors that want to leverage our experience in obtaining the initial certifications in emerging federal government markets.

Services: SCAP categories:

• FDCC Scanner
• Authenticated Configuration Scanner
• Authenticated Vulnerability and Patch Scanner
• Unauthenticated Vulnerability Scanner
• IDPS
• Patch Remediation
• Misconfiguration Remediation
• Asset Management
• Asset Database
• Vulnerability Database
• Misconfiguration Database
• Malware Tool

View SCAP resources >>
SCAP Standards include: CVE , CCE , CPE , CVSS , XCCDF , OVAL .

Please contact us at scap@infogard.com to find out how we may help you.