Revision as of 12:20, 7 December 2010 edit 214.4.253.121 (talk) →SCAP Capabilities ← Previous edit		Revision as of 20:51, 22 March 2011 edit undo Frap (talk \| contribs) Extended confirmed users, File movers, Pending changes reviewers, Rollbackers 35,597 edits →SCAP Validation Program Next edit →
Line 37: Independent third party testing assures the customer/user that the product meets the NIST specifications. The SCAP standards can be complex and several configurations must be tested for each component and capability to ensure that the product meets the requirements. A third party lab (accredited by [http://ts.nist.gov/standards/accreditation/index.cfm NVLAP]) provides assurance that the product has been thoroughly tested and has been found to meet all of the requirements. A vendor seeking validation of a product that implements a SCAP component ([[Common Vulnerabilities and Exposures\|CVE]], CCE, CPE, [[CVSS]], [[XCCDF]] or [[Open Vulnerability and Assessment Language\|OVAL]]), or capability (Federal Desktop Core Configuration]] (~~[[Federal Desktop Core Configuration\|~~FDCC]]) Scanner, Authenticated Configuration Scanner, Authenticated Vulnerability Scanner, Unauthenticated Vulnerability Scanner, Intrusion Detection and Prevention, Patch Remediation, Mis-configuration Remediation, Asset Management, Asset Database, Vulnerability Database, Mis-configuration Database or Malware Tool), should contact an NVLAP accredited SCAP validation laboratory for assistance in the validation process. A customer who is subject to the [[Federal Information Security Management Act of 2002\|FISMA]] requirements, or wants to use security products that have been tested and validated to the SCAP standard by an independent third party laboratory should visit the [http://nvd.nist.gov/scapproducts.cfm SCAP validated products web page] to verify the status of the product(s) being considered. ==External links==

Security Content Automation Protocol: Difference between revisions