SCAP combines a number of open standards and is designed to enable automated vulnerability management, measurement, and policy compliance evaluation. SCAP 1.2 adds a number of new checklists including asset identification and asset reporting formats, as well as the Common Configuration Scoring System. It also includes a digital trust model for securing reports and checklists.
Built on nCircle’s IP360 vulnerability and risk management system, IP360 Federal scans for all SCAP Tier IV content, including USGCB policies. IP360 Federal also processes SCAP content natively. Unlike other solutions, no converter is required, saving time and reducing errors.
IP360 Federal enables government and contractor organizations to:
- Discover, prioritize and remediate vulnerabilities
- Meet and automate CyberScope reporting requirements
- Meet NIST requirements for SCAP scanning
- Natively import SCAP content
- Meet NIST SP 800-137 continuous monitoring requirements.
“nCircle has always been a pioneer in the evolution of security standards, and our products are first in line to be certified SCAP 1.2 compliant,” said Tim ‘TK’ Keanini, chief research officer for nCircle. “IP360 Federal delivers the value of SCAP 1.2 and helps our customers automate key business processes, including CyberScope reporting. Our goal is to make it easier for our customers to achieve and maintain compliance while focusing on reducing security risks.”
nCircle is a long-standing supporter of federal security standards initiatives and has invested heavily in the development of open security standards used extensively throughout the federal government. Keanini has been actively involved in the development of Security Content Automation Protocol (SCAP), Common Configuration and Enumeration (CCE), Common Platform Enumeration (CPE), Common Vulnerability Enumeration (CVE), Open Vulnerability Assessment Language (OVAL) and Common Vulnerability Scoring System standards.