U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects SCAP Validation Program

Security Content Automation Protocol Validation Program SCAPVP

SCAP 1.2 Validated Products and Modules

Security Content Automation Protocol Validated Products and Modules

This webpage contains a list of products and modules that have been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. SCAP validated products and modules have completed formal testing at an NVLAP accredited laboratory and meet all requirements as defined in NIST IR 7511. A module is defined as a software component that may be embedded in another product. If an SCAP module is a component of another product, contact the module vendor to identify products that integrate the SCAP validated module.

Follow the links from the table below to see a full description of the products validation information, tested platforms, and status. Please visit the SCAP validation program and the SCAP Validation FAQ webpages for a description of the validation process and information about SCAP capabilities, validated products and modules. For more information related to SCAP, please visit https://scap.nist.gov

Please visit the SCAP validation program webpage for a description of the validation process and information on the SCAP capabilities referenced in the table below. For more information relating to SCAP please visit https://scap.nist.gov.

Support for U.S. Government Programs

The U.S. Office of Management and Budget has required, in the August 11, 2008, M-08-22 memorandum to Federal CIOs, that "Both industry and government information technology providers must use SCAP validated tools with FDCC Scanner capability to certify their products operate correctly with FDCC configurations and do not alter FDCC settings. Agencies will use SCAP tools to scan for both FDCC configurations and configuration deviations approved by department or agency accrediting authority. Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring."

 

SCAP 1.3 Validated Products and Modules

Product Vendor Product Name Validation Date
McAfee Logo

McAfee

Vendor Product

 04/20/2021
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:
Product

View Tested Platforms

  Microsoft Windows 7, SP1, 32-bit
Microsoft Windows 7, SP1, 64-bit
JOVAL Logo

Joval 6 SCAP 1.3 Module

Validation Record

Vendor Product

 12/24/2020
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:
Module

View Tested Platforms

  Microsoft Windows 7, SP1, 32-bit
Microsoft Windows 7, SP1, 64-bit
Microsoft Windows Vista, SP2
Microsoft Windows 8.1 SP0 32-bit
Microsoft Windows 8.1 SP0 64-bit
Microsoft Windows 10 SP0 32-bit
Microsoft Windows 10 SP0 64-bit
Microsoft Windows Server 2012 R2 SP0 64-bit
Red Hat Enterprise Linux 6 32-bit
Red Hat Enterprise Linux 6 64-bit
Red Hat Enterprise Linux 7 64-bit
Apple Mac OS 10.11 (OS X El Capitan)

SCAP 1.2 Validated Products and Modules

The General Services Administration is requiring SCAP validation within blanket purchase agreements for vulnerability and configuration management products (Solicitation Number: Reference-Number-QTA0-08-HC-B-0003).

Product Vendor Product Name Validation Date
Rapid 7 Logo

Nexpose 6

Validation Record

Vendor Product

 03/29/2017
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:
Product

View Tested Platforms

 

Microsoft Windows Vista, SP2, 32 bit

Microsoft Windows 7, SP1, 64 bit
Red Hat Enterprise Linux 5.11, 64 bit
Red Hat Enterprise Linux 5.11, 32 bit
Red Hat®, Inc.

OpenSCAP 1

Validation Record

Vendor Product

 02/22/2017
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 6.8, 32 bit
Red Hat Enterprise Linux 6.8, 64 bit
Red Hat Enterprise Linux 7.2, 64 bit
ThreatGuard Logo

Secutor Compliance Automation Toolkit (S-CAT) 5

Validation Record

Vendor Product

 12/13/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

 Module

View Tested Platforms

  Microsoft Windows XP Professional, SP3, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows 7, SP1, 32 bit
Microsoft Windows 7, SP1, 64 bit
Microsoft Windows 8.1, 32 bit
Microsoft Windows 8.1, 64 bit
Microsoft Windows Server 2012, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 6.7, 32 bit
Red Hat Enterprise Linux 6.7, 64 bit
Red Hat Enterprise Linux 7.2, 64 bit
SPAWAR Log

SCAP Compliance Checker 4

Validation Record

Vendor Product

 08/26/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows Server 2012, 64 bit
Red Hat Enterprise Linux 6.8, 32 bit (x86)
Red Hat Enterprise Linux 7.2, 64 bit (x64)
IBM Logo

IBM BigFix Compliance 9.2

Validation Record

Vendor Product

 06/09/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 5.11, 64 bit
Red Hat Enterprise Linux 5.11, 32 bit
Rapid 7 Logo

Nexpose 6

Validation Record

Vendor Product

 05/09/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows XP Professional SP3, 32 bit
Microsoft Windows Vista SP1, 32 bit
Microsoft Logo

SCAP Extensions for Microsoft System Center Configuration Manager 3.0

Validation Record

Vendor Product

 09/28/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Tenable Logo

Security Center 5

Validation Record

Vendor Product

 08/25/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.10, 64 bit
Red Hat Enterprise Linux 5.10, 32 bit
ThreatGuard Logo

Secutor Prime 5

Validation Record

Vendor Product

 04/21/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

 

Microsoft Windows XP Professional SP3, 32 bit
Microsoft Windows Vista SP1, 32 bit
Microsoft Windows 7, SP1 32bit
Microsoft Windows 7, SP1 64bit
Red Hat Enterprise Linux 5, 32 bit
Red Hat Enterprise Linux 5, 64 bit
Qualys Logo

Qualys SCAP Auditor 1.2

Validation Record

Vendor Product

 02/26/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Red Hat Enterprise Linux 5.10, 64 bit
Red Hat Enterprise Linux 5.10, 32 bit
SAINT Logo

SAINT Security Suite 8

Validation Record

Vendor Product

 01/27/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
BMC Logo

BMC Server Automation 8.6

Validation Record

Vendor Product

 12/30/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Red Hat Enterprise Linux 5.9, 64 bit
IBM Logo

IBM Endpoint Manager 9

Validation Record

Vendor Product

 10/24/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
BMC Logo

BMC Client Management 12.0.0

Validation Record

Vendor Product

 09/26/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
Intel Security McAfee Logo

Policy Auditor 6.2

Validation Record

Vendor Product

 09/17/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
Red Hat®, Inc.

OpenSCAP 1.0

Validation Record

Vendor Product

 04/17/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
CIS Logo

CIS-CAT Pro Assessor (formerly Configuration Assessment Tool (CIS-CAT)) 3

Validation Record

Vendor Product

 03/24/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5, 64 bit
Red Hat Enterprise Linux 5, 32 bit
Tripwire Logo

Tripwire Enterprise 8

Validation Record

Vendor Product

 11/07/2013
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Red Hat Enterprise Linux 5, 64 bit
Red Hat Enterprise Linux 5, 32 bit

NOTE: All SCAP 1.0 Validated Products Expired December 31, 2013.

Contacts

SCAP Validation Inquiries
ir7511comments@nist.gov

Created November 06, 2017, Updated July 16, 2021