Security Suite Receives NIST Validation

"The SCAP protocols help an organization in any industry to better define their security configuration boundaries."

by / July 8, 2008

Shavlik Technologies, a developer of software solutions for security and compliance readiness, today announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative administered through the National Institute of Standards and Technology (NIST) standards-based security automation.

The SCAP protocols enable security software technologies to exchange system configuration controls and vulnerability information in a standard format. This ensures that security-related content can be accurately and consistently processed within any SCAP-validated tool. SCAP validation gives government customers the freedom to select a solution that meets their needs and satisfies federal security initiatives and regulations. The Shavlik Security Suite is one of few SCAP-validated tools that simplifies and automates both assessment and remediation, the company said in a news release.

"The SCAP protocols help an organization in any industry to better define their security configuration boundaries," said Dorian Cougias, founder and lead analyst for Unified Compliance Framework. "Shavlik's advanced discovery capabilities mean that you have immediate access to what operating system a machine is running, which is critical to setting configuration boundaries."

The first real world application of the SCAP protocols is the Federal Desktop Core Configuration, or FDCC, that requires federal agencies to meet core configuration standards for desktop computers running Windows XP or Vista. By delivering a fully-automated solution, the Shavlik Security Suite increases the level of security while also reducing costs for maintaining systems and software applications.

"The Shavlik implementation offers one of the cleanest XML specifications for SCAP of all the products I've seen," added Cougias.