Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Security Content Automation Protocol Validation Program

SCAP 1.2 Validated Products and Modules

Security Content Automation Protocol Validated Products and Modules

This webpage contains a list of products and modules that have been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. SCAP validated products and modules have completed formal testing at an NVLAP accredited laboratory and meet all requirements as defined in NIST IR 7511. A module is defined as a software component that may be embedded in another product. If an SCAP module is a component of another product, contact the module vendor to identify products that integrate the SCAP validated module.

Follow the links from the table below to see a full description of the products validation information, tested platforms, and status. Please visit the SCAP validation program and the SCAP Validation FAQ webpages for a description of the validation process and information about SCAP capabilities, validated products and modules. For more information related to SCAP, please visit https://scap.nist.gov

Please visit the SCAP validation program webpage for a description of the validation process and information on the SCAP capabilities referenced in the table below. For more information relating to SCAP please visit https://scap.nist.gov.

Support for U.S. Government Programs

The U.S. Office of Management and Budget has required, in the August 11, 2008, M-08-22 memorandum to Federal CIOs, that "Both industry and government information technology providers must use SCAP validated tools with FDCC Scanner capability to certify their products operate correctly with FDCC configurations and do not alter FDCC settings. Agencies will use SCAP tools to scan for both FDCC configurations and configuration deviations approved by department or agency accrediting authority. Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring."

The General Services Administration is requiring SCAP validation within blanket purchase agreements for vulnerability and configuration management products (Solicitation Number: Reference-Number-QTA0-08-HC-B-0003).

Product Vendor Product Name Validation Date

Nexpose 6

Validation Record

Vendor Product

03/29/2017
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:
Product

View Tested Platforms

 

Microsoft Windows Vista, SP2, 32 bit

Microsoft Windows 7, SP1, 64 bit
Red Hat Enterprise Linux 5.11, 64 bit
Red Hat Enterprise Linux 5.11, 32 bit

Red Hat®, Inc.

OpenSCAP 1

Validation Record

Vendor Product

02/22/2017
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 6.8, 32 bit
Red Hat Enterprise Linux 6.8, 64 bit
Red Hat Enterprise Linux 7.2, 64 bit

Secutor Compliance Automation Toolkit (S-CAT) 5

Validation Record

Vendor Product

12/13/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

 Module

View Tested Platforms

  Microsoft Windows XP Professional, SP3, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows 7, SP1, 32 bit
Microsoft Windows 7, SP1, 64 bit
Microsoft Windows 8.1, 32 bit
Microsoft Windows 8.1, 64 bit
Microsoft Windows Server 2012, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 6.7, 32 bit
Red Hat Enterprise Linux 6.7, 64 bit
Red Hat Enterprise Linux 7.2, 64 bit

SCAP Compliance Checker 4

Validation Record

Vendor Product

08/26/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows Server 2012, 64 bit
Red Hat Enterprise Linux 6.8, 32 bit (x86)
Red Hat Enterprise Linux 7.2, 64 bit (x64)

IBM BigFix Compliance 9.2

Validation Record

Vendor Product

06/09/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 5.11, 64 bit
Red Hat Enterprise Linux 5.11, 32 bit

Nexpose 6

Validation Record

Vendor Product

05/09/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows XP Professional SP3, 32 bit
Microsoft Windows Vista SP1, 32 bit

SCAP Extensions for Microsoft System Center Configuration Manager 3.0

Validation Record

Vendor Product

09/28/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit

Security Center 5

Validation Record

Vendor Product

08/25/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.10, 64 bit
Red Hat Enterprise Linux 5.10, 32 bit

Secutor Prime 5

Validation Record

Vendor Product

04/21/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows XP Professional SP3, 32 bit
Microsoft Windows Vista SP1, 32 bit

Qualys SCAP Auditor 1.2

Validation Record

Vendor Product

02/26/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Red Hat Enterprise Linux 5.10, 64 bit
Red Hat Enterprise Linux 5.10, 32 bit

SAINT Security Suite 8

Validation Record

Vendor Product

01/27/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit

BMC Server Automation 8.6

Validation Record

Vendor Product

12/30/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Red Hat Enterprise Linux 5.9, 64 bit

IBM Endpoint Manager 9

Validation Record

Vendor Product

10/24/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit

BMC Client Management 12.0.0

Validation Record

Vendor Product

09/26/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit

Policy Auditor 6.2

Validation Record

Vendor Product

09/17/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit

OpenSCAP 1.0

Validation Record

Vendor Product

04/17/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit

CIS-CAT Pro Assessor (formerly Configuration Assessment Tool (CIS-CAT)) 3

Validation Record

Vendor Product

03/24/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5, 64 bit
Red Hat Enterprise Linux 5, 32 bit

Tripwire Enterprise 8

Validation Record

Vendor Product

11/07/2013
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Red Hat Enterprise Linux 5, 64 bit
Red Hat Enterprise Linux 5, 32 bit

NOTE: All SCAP 1.0 Validated Products Expired December 31, 2013.

Created November 06, 2017, Updated April 24, 2018