Security Content Automation Protocol Validated Products

Mission and Overview

NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).

Resource Status

NVD contains:

55066	CVE Vulnerabilities
202	Checklists
231	US-CERT Alerts
2690	US-CERT Vuln Notes
8140	OVAL Queries

Last updated: 02/13/13

CVE Publication rate:

17 vulnerabilities / day

Email List

NVD provides five mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 8.05

About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

Security Content Automation Protocol Validated Products

This webpage contains a list of products that have been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. Click on the vendor or product name to see a full description of the products validation information and status.

Please visit the SCAP validation program webpage for a description of the validation process and information on the SCAP capabilities referenced in the table below. For more information relating to SCAP please visit http://scap.nist.gov.

Support for U.S. Government Programs

Federal Desktop Core Configuration Initiative

The U.S. Office of Management and Budget has required, in the July 31st, 2007 memorandum to Federal CIOs, that "Information technology providers must use S-CAP validated tools, as they become available, to certify their products do not alter these configurations, and agencies must use these tools when monitoring use of these configurations."

Situational Awareness and Incident Response SmartBUY

The General Services Administration is requiring SCAP validation within blanket purchase agreements for vulnerability and configuration management products (Solicitation Number: Reference-Number-QTA0-08-HC-B-0003).

Security Content Automation Protocol (SCAP) Validated Products
Product Vendor	Product Name	SCAP Validations
	Security Analysis Solution	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	Security Configuration and Vulnerability Management Pack	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	BMC Automation Server	Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	BMC BladeLogic Client Automation	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	CA IT Client Manager	FDCC Scanner Authenticated Configuration Scanner
	CIS - Configuration Audit Tool	FDCC Scanner
	Core IMPACT Professional	Unauthenticated Vulnerability Scanner
	Frontline Vulnerability Manager	Unauthenticated Vulnerability Scanner
	Dell KACE K1000 System Management Appliance	FDCC Scanner
	Retina	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Unauthenticated Vulnerability Scanner
	SecureVue	FDCC Scanner Authenticated Configuration Scanner
	Greenbone Security Manager	Unauthenticated Vulnerability Scanner
	SCAP Scanner	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner USGCB Scanner
	LANDesk Patch Manager 9.0 Extensions for Federal Desktops	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	LANDesk Security Suite 9.0 Extensions for Federal Desktops	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	Patchlink Security Configuration Management for Patchlink Update	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	PatchLink Security Configuration Management for PatchLink Scan	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	Policy Auditor	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	Vulnerability Manager	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Unauthenticated Vulnerability Scanner
	System Center Configuration Manager Extensions for SCAP	FDCC Scanner
	Configuration Compliance Manager	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	IP360	Unauthenticated Vulnerability Scanner
	NetIQ Secure Configuration Manager	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner CCE CVSS
	EventTracker Enterprise	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	QualysGuard FDCC Scanner	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Vulnerability Database Unauthenticated Vulnerability Scanner
	Nexpose	FDCC Scanner USGCB Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Unauthenticated Vulnerability Scanner
	Vulnerability Scanner	FDCC Scanner USGCB Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Unauthenticated Vulnerability Scanner
	Shavlik Security Suite: NetChk Configure	FDCC Scanner
	Shavlik Security Suite: NetChk Protect	FDCC Scanner
	Enterprise Trust Server	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	SCAP Compliance Checker	FDCC Scanner
	Control Compliance Suite	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	Symantec Risk Automation Suite	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Vulnerability Database Misconfiguration Database CCE CVSS
	Xacta IA Manager (Xacta HostInfo)	FDCC Scanner Authenticated Configuration Scanner
	Xacta IA Manager Continuous Assessment	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner CCE
	Security Center	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Unauthenticated Vulnerability Scanner
	Secutor Magnus with ThreatView	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	Secutor Prime	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner Misconfiguration Remediation
	S-CAT	FDCC Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner
	Tripwire Enterprise	FDCC Scanner
	Resolution Manager	FDCC Scanner Authenticated Configuration Scanner Misconfiguration Remediation Authenticated Vulnerability and Patch Scanner
	VMware vCenter Protect Essentials Government Edition (with SCAP Processor)	FDCC Scanner
	VMware vCenter Configuration Manager)	FDCC Scanner USGCB Scanner Authenticated Configuration Scanner Authenticated Vulnerability and Patch Scanner

Laboratories Accredited to do SCAP Testing

The labs listed below have been accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP) to perform SCAP validation testing. Click on the lab name to see a full listing of the lab's accredited scopes

NVLAP Accredited Independent SCAP Testing Laboratories

Laboratory Name

Accredited Testing Scopes

AEGISOLVE, Inc.