Security Content Automation Protocol - Wikipedia, the free encyclopedia.

The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). SAINT is a NIST-Validated SCAP Solution. The Security Content Automation Protocol (SCAP) is a specification established by the U.S. National Institute of Standards. The National Checklist Program (NCP), defined by the NIST SP 800-70 Rev. 3, is the U.S. government repository of publicly available security checklists (or benchmarks. The Security Content Automation Protocol (SCAP) Compliance Checker (SCC) is a SCAP 1.0 Validated Scanner, with support for SCAP versions 1.1 and 1.2, and an Open. The SCAP Extensions for Microsoft System Center Configuration Manager use the Compliance Settings feature in Configuration Manager to scan the computers in your. The extensions enable Configuration Manager 2007 to consume Security Content Automation Protocol (SCAP) data streams, assess systems for compliance, and generate. SAINT Corporation offers vulnerability management products and services including vulnerability assessment and penetration testing. The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those. The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology. The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP.

Purpose

The Security Content Automation Protocol (SCAP), pronounced "ess-cap", combines a number of open standards that are used
to enumerate software flaws and configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order to evaluate the possible impact. It is a method for using those open standards for automated vulnerability management, measurement, and policy compliance evaluation. SCAP defines how the following standards (referred to as SCAP 'Components') are combined:

SCAP Components

Starting with SCAP version 1. Starting with SCAP version 1.

SCAP Checklists

Security Content Automation Protocol (SCAP) checklists standardize and enable automation of the linkage between computer security configurations and the NIST Special Publication 8. SP 800-53) controls framework. The current version of SCAP is meant to perform initial measurement and continuous monitoring of security settings and corresponding SP 8. Future versions will likely standardize and enable automation for implementing and changing security settings of corresponding SP 8. In this way, SCAP contributes to the implementation, assessment, and monitoring steps of the NIST Risk Management Framework. Accordingly, SCAP forms an integral part of the NIST FISMA implementation project.
SCAP Validation Program

Security programs overseen by NIST focus on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation; and address such areas as: development and maintenance of security metrics, security evaluation criteria and evaluation methodologies, tests and test methods; security-specific criteria for laboratory accreditation; guidance on the use of evaluated and tested products; research to address assurance methods and system-wide security and assessment methodologies; security protocol validation activities; and appropriate coordination with assessment-related activities of voluntary industry standards bodies and other assessment regimes.

Independent third-party testing assures the customer/user that the product meets the NIST specifications. The SCAP standards can be complex, and several configurations must be tested for each component and capability to ensure that the product meets the requirements. A third-party lab (accredited by the National Voluntary Laboratory Accreditation Program (NVLAP)) provides assurance that the product has been thoroughly tested and has been found to meet all of the requirements. A vendor seeking validation of a product should contact an NVLAP-accredited SCAP validation laboratory for assistance in the validation process. A customer who is subject to the FISMA requirements, or wants to use security products that have been tested and validated to the SCAP standard by an independent third-party laboratory, should visit the SCAP validated products web page to verify the status of the product(s) being considered.

Security Content Automation Protocol (SCAP) Compliance Checker

The Security Content Automation Protocol (SCAP) Compliance Checker (SCC) is a SCAP 1. Validated Scanner, with support for SCAP versions 1.
Open Vulnerability Assessment Language (OVAL) adopter, capable of performing compliance verification using SCAP content, and authenticated vulnerability scanning using OVAL content.

Latest Software Release:
• Version: 4. Release Date: March 4, 2.

Standards Supported
• SCAP : 1. OVAL : 5. 3, 5. XCCDF : 1. 1. 4, 1. CPE : 2. 2, 2. 3
• CCE : 5. OCIL : 2. 0
• ARF : 1. AI : 1. 0
• TMSAD : 1.

Platforms Supported
• Windows Vista, 2. R2, 8, 2. 01. 2, 8. R2, 1. 0 (x86 & x. Solaris 1. 0 & 1. SPARC)
• RHEL 5, 6, 7 (x. HPUX 1. 1iv. 3 (IA6. AIX 5. 3, 6. 1 (PowerPC)
• Debian (x86 & x. Mac OS X (x86)

Primary Features:
• No per seat license costs for Federal government/contractor computers
• Performs compliance scanning using SCAP content
• Performs vulnerability scanning using OVAL content
• Performs manual interview checks using OCIL content
• Creates XCCDF XML results
• Creates OVAL XML results
• Creates ARF XML results
• Creates Cyberscope Autofeed XML results
• Creates HTML and text based single computer reports
• Creates HTML and spreadsheet based multi-computer summary reports
• Allows for installation of custom SCAP and OVAL content
• Allows for organizational deviations
• Allows for organizationally defined compliance thresholds
• Has graphical and command line interfaces
• Native executables per platform (no runtime requirements such as Java)

References:
• NIST USGCB - http://usgcb. NIST SCAP - http://scap.

Obtaining the Software (Non-DOD)

For US Government Employees and contractors with a . Office of Management and Budget (OMB) hosted MAX. Users will be required to self-activate an account in order to obtain the files. After registration, the software can be downloaded from: https://max. KYRh. Kg.

Alternate Method

SCC is available for any government employee or contractor to the US government; it is not available to the general public. If you are unable to download SCC by one of the 2 primary methods above, the software can be requested by emailing: ssc_lant-scc@navy.
Please include the following in your request: 1. US Federal agency you are supporting. Government POC with . Contract Number.

Technical Support

To obtain technical support on the SCC application, please email: ssc_lant-scc@navy.