Content deleted Content added
Line 35:
Security programs overseen by [[National Institute of Standards and Technology|NIST]] focus on working with government and industry to establish more secure systems and networks by developing, managing and promoting security assessment tools, techniques, services, and supporting programs for testing, evaluation and validation; and addresses such areas as: development and maintenance of security metrics, security evaluation criteria and evaluation methodologies, tests and test methods; security-specific criteria for laboratory accreditation; guidance on the use of evaluated and tested products; research to address assurance methods and system-wide security and assessment methodologies; security protocol validation activities; and appropriate coordination with assessment-related activities of voluntary industry standards bodies and other assessment regimes.
Independent third party testing assures the customer/user that the product meets the NIST specifications. The SCAP standards can be complex and several configurations must be tested for each component and capability to ensure that the product meets the requirements. A third-party lab (accredited by [[National Voluntary Laboratory Accreditation Program]] (NVLAP
A vendor seeking validation of a product that implements a SCAP component ([[Common Vulnerabilities and Exposures|CVE]], CCE, CPE, [[CVSS]], [[XCCDF]] or [[Open Vulnerability and Assessment Language|OVAL]]), or capability ([[Federal Desktop Core Configuration]] (FDCC) Scanner, Authenticated Configuration Scanner, Authenticated Vulnerability Scanner, Unauthenticated Vulnerability Scanner, Intrusion Detection and Prevention, Patch Remediation, Mis-configuration Remediation, Asset Management, Asset Database, Vulnerability Database, Mis-configuration Database or Malware Tool), should contact an NVLAP accredited SCAP validation laboratory for assistance in the validation process.
| |||