EWA-Canada offers efficient and cost-effective help to our clients in obtaining certification of their products to any of the SCAP standards or SCAP capabilities. The Security Content Automation Protocol (SCAP) is a method for using a standards-based approach to automate vulnerability management, measurement and policy compliance evaluation. SCAP comprises the following set of open standards that address identification of software vulnerabilities, platforms and security relevant configuration issues; methods for determining the presence of vulnerabilities or other issues; and methods for assigning a score to discovered security issues in order to rank their severity and impact.
Under the SCAP Validation Program, vendor products may be tested for conformance to the following SCAP component standards:
In addition, NIST has defined a variety of SCAP Capabilities that vendors may claim for their products and for which conformance testing has been defined, including:
Of particular note, the U.S.Federal Office of Management and Budget (OMB) released Memorandum M-07-11 in March of 2007 directing that all agencies operating WindowsXP™ or Vista™ must adopt the FDCC security configurations developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DoD) and the Department of Homeland Security (DHS) by 1 February 2008. Vendors with products validated as confoming to FDCC Scanner requirements will be in a position to offer their solutions to agencies that will need to be able to confirm the compliance of their desktop system configurations.
As a fully accredited SCAP Test Lab, EWA-Canada can offer efficient and cost-effective help to our clients in obtaining certification of their products to any of the SCAP standards or SCAP capabilities. For a list of some of our clients that have certified or are certifying their products through EWA-Canada's labs follow this link.
Please contact us for further information.