
NIST to release SCAP FDCC scanner list

By Joab Jackson

On Feb. 1 the National Institute of Standards and Technology will release a list of validated scanners that check for Federal Desktop Core Configuration compliance. The scanners all use the Security Content Automation Protocol (SCAP) to automatically scan desktop computers and return the results, said Peter Mell, NIST’s SCAP validation program manager, at an FDCC workshop held yesterday in Gaithersburg, Md.

Last July, the Office of Management and Budget issued a clarification memo stating that agencies must monitor their desktop computers with SCAP tools "as they become available."

The scanners will verify that the computers' configurations stay within the guidelines set by the FDCC, a group of OMB-mandated security-sensitive configuration settings developed by NIST and the National Security Agency.

On Feb. 1, agencies will have to submit to OMB a report of all the desktop computers running the Microsoft Windows XP and Windows Vista operating systems, as well as the number of those that are FDCC-compliant, according to OMB FDCC lead Wendy Liberante, who gave an impromptu clarification at the event. On March 31, agencies must submit a report to NIST on the status of those Windows desktop computers.

As of January, however, no SCAP products have been validated by NIST, which just set up the validation program last summer.

SCAP is a framework "for automating and standardizing vulnerability management measurement and policy compliance," Mell said. It predates FDCC and can be used for checking computers to see if they meet other mandates, such as the Federal Information Security Management Act.

Although the SCAP validation process ranges across 12 different functions, this upcoming set of validated tools will be scanners, Mell noted. He did not speculate how many products would be validated, though the final testing is being done on about five.

"NIST is not recommending these products. We are not mandating these products. What we are doing is validating that the products correctly implement SCAP," Mell said. The validation will look at whether all the settings in the FDCC are checked, as well as whether they are checked using the procedure that Microsoft and the government recommend.
