Content deleted Content added
→External links: removed commercial link |
Really need a page on FDCC |
||
Line 35:
Independent third party testing assures the customer/user that the product meets the NIST specifications. The SCAP standards can be complex and several configurations must be tested for each component and capability to ensure that the product meets the requirements. A third party lab (accredited by [http://ts.nist.gov/standards/accreditation/index.cfm NVLAP]) provides assurance that the product has been thoroughly tested and has been found to meet all of the requirements.
A vendor seeking validation of a product that implements an SCAP component (CVE, CCE, CPE, CVSS, XCCDF or OVAL), or capability ([[Federal Desktop Core Configuration]] (FDCC) Scanner, Authenticated Configuration Scanner, Authenticated Vulnerability Scanner, Unauthenticated Vulnerability Scanner, Intrusion Detection and Prevention, Patch Remediation, Mis-configuration Remediation, Asset Management, Asset Database, Vulnerability Database, Mis-configuration Database or Malware Tool), should contact an NVLAP accredited SCAP validation laboratory for assistance in the validation process.
A customer who is subject to the FISMA requirements, or wants to use security products that have been tested and validated to the SCAP standard by an independent third party laboratory should visit the [http://nvd.nist.gov/scapproducts.cfm SCAP validated products web page] to verify the status of the product(s) being considered.
| |||