Search CSRC

Common Platform Enumeration (CPE) is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise's computing assets. CPE does not identify unique instantiations of products on systems, such as the installation of XYZ Visualizer Enterprise Suite 4.2.3 with serial number Q472B987P113. Rather, CPE identifies abstract classes of products, such as XYZ Visualizer Enterprise Suite 4.2.3, XYZ Visualizer Enterprise Suite (all versions), or XYZ Visualizer (all variations). IT management tools can collect information...

The Open Checklist Interactive Language (OCIL) defines a framework for expressing a set of questions to be presented to a user and corresponding procedures to interpret responses to these questions. Although the OCIL specification was developed for use with IT security checklists, the uses of OCIL are by no means confined to IT security. Other possible use cases include research surveys, academic course exams, and instructional walkthroughs. In IT security, organizations work with security policies that detail the information that needs to be secured and the security requirements that must be...

TMSAD describes a common trust model that can be applied to specifications within the security automation domain, such as Security Content Automation Protocol (SCAP). Since information in the security automation domain is primarily exchanged using Extensible Markup Language (XML), the focus of this model is on the processing of XML documents. The trust model is composed of recommendations on how to use existing specifications to represent signatures, hashes, key information, and identity information in the context of an XML document within the security automation domain. TMSAD Resources...

XCCDF - The Extensible Configuration Checklist Description Format XCCDF is a specification language for writing security checklists, benchmarks, and related kinds of documents. An XCCDF document represents a structured collection of security configuration rules for some set of target systems. The specification is designed to support information interchange, document generation, organizational and situational tailoring, automated compliance testing, and compliance scoring. The specification also defines a data model and format for storing results of benchmark compliance testing. The intent...

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) publishes, ISO/IEC 19770-2, a standard for software identification (SWID) tags that defines a structured metadata format for describing a software product. A SWID tag document is composed of a structured set of data elements that identify the software product, characterize the product's version, the organizations and individuals that had a role in the production and distribution of the product, information about the artifacts that comprise a software product, relationships between...

Validation Number: 143 Vendor: Rapid7 Product Name: Nexpose Product Major Version: 6 Product Version Tested: 6.4.16 Tested Platforms: Microsoft Windows 7, SP1, 64 bit Microsoft Windows Vista, SP2, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 7/1/2016 - 2/2/2017...

Validation Number: 142 Vendor: Red Hat®, Inc. Product Name: OpenSCAP Product Major Version: 1 Product Version Tested: 1.2.13 Tested Platforms: Red Hat Enterprise Linux 6, 32 bit Red Hat Enterprise Linux 6, 32 bit Red Hat Enterprise Linux 7, 64 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 11/22/2016 - 2/7/2017 Report Submitted:...

Validation Number: 141 Vendor: ThreatGuard Product Name: Secutor Compliance Automation Toolkit (S-CAT) Product Major Version: 5 Product Version Tested: 5.1.3.11 Tested Platforms: Microsoft Windows XP Professional, SP3, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows 7, SP1, 32 bit Microsoft Windows 7, SP1 64 bit Microsoft Windows 8.1, 32 bit Microsoft Windows 8.1, 64 bit Microsoft Windows Server 2012, 64 bit Red Hat Enterprise Linux 5, 32 bit Red Hat Enterprise Linux 5, 64...

Validation Number: 140 Vendor: SPAWAR Systems Center Atlantic Product Name: SCAP Compliance Checker Product Major Version: 4 Product Version Tested: 4.1.1 RC7 Tested Platforms: Microsoft Windows Server 2012, 64 bit Microsoft Windows 7, 64 bit Red Hat Enterprise Linux 6, 32 bit Red Hat Enterprise Linux 7, 64 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Open Checklist Interactive Language (OCIL) Validated Product...

Validation Number: 139 Vendor: IBM Product Name: IBM BigFix Compliance Product Major Version: 9.2 Product Version Tested: 9.2.6.94 CPE 2.3 Tested Platforms: Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 3/7/2016 - 5/16/2016 Report Submitted: 5/19/2016 DTR...

Validation Number: 138 Vendor: Rapid7 Product Name: Nexpose Product Major Version: 6 Product Version Tested: 6.2.1 Tested Platforms: Microsoft Windows XP Professional SP3, 32 bit Microsoft Windows Vista SP1, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 10/20/2015 - 4/8/2016 Report Submitted: 11/20/2015 DTR Version:...

Validation Number: 137 Vendor: Microsoft Corporation Product Name: SCAP Extensions for Microsoft System Center Configuration Manager Product Major Version: 3.0 Product Version Tested: v3.0.1154.0 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 1/20/2015 - 6/9/2015...

Validation Number: 136 Vendor: Tenable Product Name: SecurityCenter Product Major Version: 5 Product Version Tested: 5.0.0.2 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor...

Validation Number: 135 Vendor: ThreatGuard Product Name: Secutor Prime Product Major Version: 5 Product Version Tested: 5 (build 5000) Tested Platforms: Microsoft Windows XP Professional, SP3, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows 7, SP1, 32 bit Microsoft Windows 7, SP1 64 bit Red Hat Enterprise Linux 5, 32 bit Red Hat Enterprise Linux 5, 64 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE)...

Validation Number: 134 Vendor: Qualys Product Name: Qualys SCAP Auditor Product Major Version: 1.2 Product Version Tested: 1.2 (5.10.1 Build: 2) Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested:...

Validation Number: 133 Vendor: SAINT Corporation Product Name: SAINT Security Suite Product Major Version: 8 Product Version Tested: 8.7.0 (build 70206.432.2.13.2) Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures...

Validation Number: 132 Vendor: BMC Software Product Name: BMC Server Automation Product Major Version: 8.6 Product Version Tested: 8.6.00.197 Tested Platforms: Microsoft Windows 7, 64 bit Red Hat Enterprise Linux 5, 64 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Open Checklist Interactive Language (OCIL) Validated Product Vendor Provided SCAP Information Dates Tested: 10/21/2014 - 12/15/2014...

Validation Number: 131 Vendor: IBM Product Name: IBM Endpoint Manager Product Major Version: 9 Product Version Tested: 9.1.1117.0 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Validated Product Vendor Provided SCAP Information Dates Tested: 9/4/2014 - 10/3/2014 Report Submitted: 10/3/2014 DTR Version: NISTIR 7511 Rev. 3 Validation Test Suite:...

Validation Number: 130 Vendor: BMC Software Product Name: BMC Client Management Product Major Version: 12.0.0 Product Version Tested: 12.0.0 Build 140901c Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE)...

Validation Number: 129 Vendor: McAfee Product Name: Policy Auditor Product Major Version: 6.2 Product Version Tested: 6.2.0.231 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor...

Validation Number: 128 Vendor: Red Hat®, Inc. Product Name: OpenSCAP Product Major Version: 1.0 Product Version Tested: 1.0.8-1.el5_10 Tested Platforms: Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 1/1/2013 - 4/1/2014 Report Submitted: 4/17/2014 DTR Version:...

Validation Number: 127 Vendor: Center for Internet Security Product Name: CIS-CAT Pro Assessor (formerly Configuration Assessment Tool (CIS-CAT)) Product Major Version: 3 Product Version Tested: 3.0.00 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Microsoft Windows Vista, SP2, 32 bit Microsoft Windows XP Pro, SP3, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner...

Validation Number: 126 Vendor: Tripwire Product Name: Tripwire Enterprise Product Major Version: 8 Product Version Tested: 8.3.2 Tested Platforms: Microsoft Windows 7, 64 bit Microsoft Windows 7, 32 bit Red Hat Enterprise Linux 5, 64 bit Red Hat Enterprise Linux 5, 32 bit SCAP 1.2 Capabilities: Authenticated Configuration Scanner Common Vulnerabilities and Exposures (CVE) Validated Product Vendor Provided SCAP Information Dates Tested: 4/1/2013 - 11/4/2013...