SCAP Compliance Testing : Frequently Asked Questions
 
1. What is SCAP?
The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). COACT has committed to becoming an accredited SCAP compliance testing laboratory.

2. How do I know if I need SCAP compliance testing?
The U.S. Office of Management and Budget (OMB) has required that, as of February 1, 2008, U.S. government systems use SCAP-validated tools for FDCC (Federal Desktop Core Configuration) software acceptance testing and for continuous monitoring of systems. If you have a product that provides this functionality, it must be validated by February 2008 for U.S. government agencies to be able to use it.

3. What is the validation process?
NIST is currently developing the test methodologies for SCAP compliance testing. For a high-level description of the current state of the program, you may review the following two (2) presentations given by NIST at the Security Automation Conference: "Security Content Automation Protocol (SCAP) Compliance Program" and "Ensuring Secure Computer Configurations within the Federal Government".

4. How can I find out more information about the program?
The official NIST "Information Security Automation Program and The Security Content Automation Protocol" webpage can be found here: http://nvd.nist.gov/scap.cfm. Also, joining the COACT SCAP mailing list (available soon!) will keep you up to date with all the latest information provided to the testing laboratory as soon as it is received by COACT.

Stop back and check www.coact.com often. This is an exciting and busy time for the SCAP compliance program. Let COACT provide you with the insight necessary to stay ahead.

5. What does it mean for a product to be SCAP compatible?
A security tool is considered "SCAP compatible" if it adopts at least three (3) of the six SCAP standards listed in question 6 below.

6. What are the SCAP standards?
SCAP consists of the following standards: Open Vulnerability and Assessment Language (OVAL), Extensible Configuration Checklist Description Format (XCCDF), Common Vulnerability Scoring System (CVSS), Common Platform Enumeration (CPE), Common Configuration Enumeration (CCE), Common Vulnerabilities and Exposures (CVE).
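As an added illustration of how these standards fit together (this is example code written for this FAQ, not COACT's or NIST's tooling), the following Python script parses a small, constructed XCCDF 1.1 benchmark and reports which SCAP components it references: the XCCDF document itself, CPE platform identifiers, CCE and CVE identifiers carried in `<ident>` elements, and OVAL definitions referenced from `<check>` elements. CVSS is a scoring system rather than an identifier format, so it does not appear in this check. The benchmark text, the CCE/CVE numbers and the `oval:org.example` definition names are placeholders constructed for the example; the identifier syntax patterns are simplified approximations of the published formats, and the "at least three components" threshold is taken from question 5 above.

```python
"""Report which SCAP component standards a small XCCDF benchmark uses.

Added example for this FAQ; the benchmark below is constructed and its
identifiers are placeholders, not real FDCC content.
"""
import re
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.1"
OVAL_DEF_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
CCE_SYSTEM = "http://cce.mitre.org"
CVE_SYSTEM = "http://cve.mitre.org"

# Simplified syntax checks for the identifiers each enumeration hands out
# (assumption: close enough to the published formats for a sanity check).
ID_PATTERNS = {
    "CVE": re.compile(r"^CVE-\d{4}-\d{4,}$"),          # CVE-YYYY-NNNN
    "CCE": re.compile(r"^CCE-\d+-\d$"),                # CCE-NNNN-C (check digit)
    "CPE": re.compile(r"^cpe:/[aho](:[^:]*){0,6}$"),   # CPE 2.2 URI form
    "OVAL": re.compile(r"^oval:[A-Za-z0-9_.\-]+:def:\d+$"),
}

# Constructed sample benchmark: two well-formed rules and one rule whose
# CCE identifier is malformed (missing the check digit).
SAMPLE_BENCHMARK = """
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="example-benchmark">
  <status>draft</status>
  <title>Constructed example benchmark (placeholder content)</title>
  <platform idref="cpe:/o:microsoft:windows_xp::sp2"/>
  <version>1.0</version>
  <Rule id="rule-password-length" selected="true" weight="10.0">
    <title>Minimum password length</title>
    <ident system="http://cce.mitre.org">CCE-2981-9</ident>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="example-oval.xml" name="oval:org.example:def:1"/>
    </check>
  </Rule>
  <Rule id="rule-example-patch" selected="true" weight="10.0">
    <title>Patch installed for a placeholder CVE reference</title>
    <ident system="http://cve.mitre.org">CVE-2008-0001</ident>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="example-oval.xml" name="oval:org.example:def:2"/>
    </check>
  </Rule>
  <Rule id="rule-bad-ident" selected="true">
    <title>Rule carrying a malformed identifier</title>
    <ident system="http://cce.mitre.org">CCE-12345</ident>
  </Rule>
</Benchmark>
"""


def _q(ns, local):
    """Clark-notation tag name used by ElementTree for namespaced elements."""
    return "{%s}%s" % (ns, local)


def scap_components(xml_text):
    """Return ({component: set(identifiers)}, [(component, bad_identifier)]).

    A component is recorded only when at least one identifier of that
    kind is found and passes its syntax check; malformed identifiers are
    reported separately so content authors can fix them.
    """
    root = ET.fromstring(xml_text)
    found = {}
    malformed = []

    def record(component, value):
        pattern = ID_PATTERNS.get(component)
        if pattern is not None and not pattern.match(value):
            malformed.append((component, value))
            return
        found.setdefault(component, set()).add(value)

    if root.tag == _q(XCCDF_NS, "Benchmark"):
        record("XCCDF", root.get("id", ""))      # benchmark ids have no fixed syntax
    for platform in root.iter(_q(XCCDF_NS, "platform")):
        record("CPE", platform.get("idref", ""))
    for ident in root.iter(_q(XCCDF_NS, "ident")):
        value = (ident.text or "").strip()
        if ident.get("system") == CCE_SYSTEM:
            record("CCE", value)
        elif ident.get("system") == CVE_SYSTEM:
            record("CVE", value)
    for check in root.iter(_q(XCCDF_NS, "check")):
        if check.get("system") != OVAL_DEF_NS:
            continue                             # only OVAL check systems count here
        for ref in check.iter(_q(XCCDF_NS, "check-content-ref")):
            record("OVAL", ref.get("name", ""))
    return found, malformed


def is_scap_compatible(found, minimum=3):
    """Apply the 'at least three SCAP standards' rule from question 5."""
    return len(found) >= minimum


if __name__ == "__main__":
    components, bad = scap_components(SAMPLE_BENCHMARK)
    for name in sorted(components):
        print("%-5s %s" % (name, ", ".join(sorted(components[name]))))
    for component, value in bad:
        print("malformed %s identifier: %r" % (component, value))
    print("SCAP compatible (>=3 components):", is_scap_compatible(components))
```

Run it directly to see the per-component listing; the malformed `CCE-12345` is reported rather than counted, which is the behaviour you want from a pre-submission content check.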