Lumension Releases SCAP Validation of the Vulnerability Management Solution
Lumension Security announced the release of Security Content Automation Protocol (SCAP) Scanner validation of the company’s Vulnerability Management Solution. Lumension has acquired SCAP Validation from the National Institute of Standards and Technology (NIST).
The company has been successful in getting this validation in the Federal Desktop Core Configuration (FDCC) Scanning category. Lumension has proved itself in enforcing strong security and hardened Windows endpoint configurations within the U.S. government IT environment.
“Like all government agencies, we are not only faced with specific, mandated endpoint configuration requirements but are required to use SCAP-validated tools to verify, validate and demonstrate compliance against FDCC requirements,” said David Campbell, ASUS program manager, NASA. “Using SCAP-ready solutions is a priority for NASA, allowing us to reduce exposure to operational and financial risk by standardizing endpoint and application configurations based on industry best practices. Not only does the SCAP-validated Security Configuration solution reduce the cost of system and application maintenance, but it gives us a top-down baseline of the security environment for standardizing and automating risk management, compliance reporting and security measurement,” added Campbell.
Last year the U.S. Office of Management and Budget (OMB) announced that government organizations have to adopt FDCC recommendations forMicrosoft XP and Vista desktops and laptops. Federal agencies were asked to use SCAP-validated tools for verification and also to monitor their desktop configurations for FDCC compliance. Lumension’s Vulnerability Management Solution supports the OMB initiative and is designed on SCAP standards for secure and cost-effective management of the full vulnerability lifecycle. The features of the solution include agent-based and agentless risk assessment of software flaws and configuration vulnerabilities. It offers accurate remediation, continuous validation and policy compliance reporting.
The vulnerability management solution provides automated compliance reporting which are based on FDCC security practices. It allows interoperability between security technologies which are based in NIST’s common security content format. Lumension will give accurate FDCC auditing for Federal agencies and helps avoid manual implementation of the mandated configuration requirements. “By standardizing and automating secure configuration settings, government agencies not only benefit from significant security threat reduction, but also realize considerable cost savings from a decrease in system and application maintenance fees,” said Steven Antone, vice president, federal solutions at Lumension Security.
Antone further pointed out that with its SCAP validation, agencies can rely on Lumension’s Vulnerability Management Solution as a cost-effective way to continuously monitor their systems. It helps verify that the FDCC standardized settings have not been altered, and also remediate both software and configuration vulnerabilities if necessary to mitigate the threats associated with misconfigured endpoints.
Reproduced from an article published by TMCnet
© TMCnet
The original article can be viewed here:
http://ipcommunications.tmcnet.com/topics/ip-communications/articles/34087-...
Permalink Bookmark Digg this story
