This webpage contains a list of products and modules that have been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. SCAP validated products and modules have completed formal testing at an NVLAP accredited laboratory and meet all requirements as defined in NIST IR 7511. A module is defined as a software component that may be embedded in another product. If an SCAP module is a component of another product, contact the module vendor to identify products that integrate the SCAP validated module. ...
Follow the links from the table below to see a full description of the products validation information, tested platforms, and status. Please visit the SCAP validation program and the SCAP Validation FAQ webpages for a description of the validation process and information about SCAP capabilities, validated products and modules. For more information related to SCAP, please visit https://scap.nist.gov
Please visit the SCAP validation program webpage for a description of the validation process and information on the SCAP capabilities referenced in the table below. For more information relating to SCAP please visit https://scap.nist.gov.
The U.S. Office of Management and Budget has required, in the August 11, 2008, M-08-22 memorandum to Federal CIOs, that "Both industry and government information technology providers must use SCAP validated tools with FDCC Scanner capability to certify their products operate correctly with FDCC configurations and do not alter FDCC settings. Agencies will use SCAP tools to scan for both FDCC configurations and configuration deviations approved by department or agency accrediting authority. Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring."
Situational Awareness and Incident Response SmartBUY
The General Services Administration is requiring SCAP validation within blanket purchase agreements for vulnerability and configuration management products (Solicitation Number: Reference-Number-QTA0-08-HC-B-0003).
Product Vendor | Product Name | Validation Date | ||
---|---|---|---|---|
Nexpose 6 |
03/29/2017 | |||
SCAP Capabilities: Product / Module Validation: |
|
|||
OpenSCAP 1 |
02/22/2017 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
Secutor Compliance Automation Toolkit (S-CAT) 5 |
12/13/2016 | |||
SCAP Capabilities: Product / Module Validation: Module |
|
|||
SCAP Compliance Checker 4 |
08/26/2016 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
IBM BigFix Compliance 9.2 |
06/09/2016 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
Nexpose 6 |
05/09/2016 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
SCAP Extensions for Microsoft System Center Configuration Manager 3.0 |
09/28/2015 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
Security Center 5 |
08/25/2015 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
Secutor Prime 5 |
04/21/2015 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
Qualys SCAP Auditor 1.2 |
02/26/2015 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
SAINT Security Suite 8 |
01/27/2015 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
BMC Server Automation 8.6 |
12/30/2014 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
IBM Endpoint Manager 9 |
10/24/2014 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
BMC Client Management 12.0.0 |
09/26/2014 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
Policy Auditor 6.2 |
09/17/2014 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
OpenSCAP 1.0 |
04/17/2014 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
CIS-CAT Pro Assessor (formerly Configuration Assessment Tool (CIS-CAT)) 3 |
03/24/2014 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
|||
Tripwire Enterprise 8 |
11/07/2013 | |||
SCAP Capabilities: Product / Module Validation: Product |
|
NOTE: All SCAP 1.0 Validated Products Expired December 31, 2013.
Security and Privacy: continuous monitoring, patch management, security automation, testing & validation, vulnerability management