FISMA News

NIST Security Content Automation Protocol (SCAP) Validation Received by SignaCert, Inc.

(January 29, 2010) - SignaCert, Inc., leaders in providing next-generation IT image management solutions based on known-provenance software whitelisting, announced Enterprise Trust Server version 3.6 received SCAP certification. The SCAP program is a U.S. government initiative to enable automation and standardization of technical security operations.

SignaCert’s datacenter-ready implementation of the SCAP method enables “continuous monitoring” and affirmation of any IT platform regardless of vendor. It also fully leverages the SCAP protocols to enable standardized sharing of software integrity state, configuration and risk/vulnerability information. Continuous monitoring with SignaCert’s SCAP implementation dramatically enhances change detection resolution while closing the IT compliance exposure window.

With SignaCert Enterprise Trust Server version 3.6, customers can now operationally manage IT systems against SCAP vulnerability and configuration checklists (including FDCC). When assessing system security, vulnerability, and configuration posture, the Enterprise Trust Server utilizes information from XCCDF (Extensible Configuration Checklist Description Format), OVAL (Open Vulnerability Assessment Language), CVE (Common Vulnerability Enumeration), CCE (Common Configuration Enumeration), CPE (Common Platform Enumeration), and CVSS (Common Vulnerability Scoring System).

“Over the past year, we have been partnering with the DoD and federal IT security community to strengthen our nation’s defenses against the adversary.” said Wyatt Starnes, SignaCert founder and CEO. “Our innovative whitelisting approach uses government standards and protocols to help agency and private industry system administrators focus on prioritizing risk and vulnerabilities so they can better protect their networks against both internal and external threats.”

SignaCert extends SCAP’s traditional compliance-centric capabilities by providing robust reference image management validation supplemented by rich known-provenance whitelist content. This combination greatly enhances software supply chain confidence on all IT platforms, increasing the security and efficacy of managed systems.

"We see the SCAP method for Continuous Monitoring of IT systems used by DoD and the Federal IT community as a major step to enhance both security and operational compliance.” said Starnes, “Version 3.6 of our next-generation compliance, vulnerability assessment, and configuration control solution, combined with our unique application of known-provenance whitelisting data, solidifies SignaCert as the preeminent whitelist operational assurance and compliance solution provider for both government and industry.”

For More Information Visit - www.signacert.com

Share or bookmarklet this web page at: