Tenable’s Security Center has been validated by NIST to perform Security Content Automation (SCAP) FDCC Compliance Auditing for the Microsoft XP and Vista platforms.
In July of 2007, the U.S. Office of Management and Budget (OMB) released a memorandum to Federal CIOs mandating that all government agencies implement the FDCC for all Windows XP and Vista desktops. In addition, all government agencies must use, when available, a NIST SCAP validated tool to audit and monitor compliance with the FDCC mandate.
The Security Content Automation Protocol (SCAP), pronounced “Ess-Cap”, is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). More specifically, SCAP is a suite of open standards that enumerates software flaws, security related configuration issues, and product names, measures systems to determine the presence of vulnerabilities, and provides mechanisms to rank (score) the results of these measurements in order to evaluate the impact of the discovered security issues. SCAP defines how these standards are used in unison to accomplish these capabilities.