Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Security Content Automation Protocol Validation Program

SCAP 1.2 Validated Products and Modules

Security Content Automation Protocol Validated Products and Modules

This webpage contains a list of products and modules that have been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. SCAP validated products and modules have completed formal testing at an NVLAP accredited laboratory and meet all requirements as defined in NIST IR 7511. A module is defined as a software component that may be embedded in another product. If an SCAP module is a component of another product, contact the module vendor to identify products that integrate the SCAP validated module.

Follow the links from the table below to see a full description of the products validation information, tested platforms, and status. Please visit the SCAP validation program and the SCAP Validation FAQ webpages for a description of the validation process and information about SCAP capabilities, validated products and modules. For more information related to SCAP, please visit https://scap.nist.gov

Please visit the SCAP validation program webpage for a description of the validation process and information on the SCAP capabilities referenced in the table below. For more information relating to SCAP please visit https://scap.nist.gov.

Support for U.S. Government Programs

The U.S. Office of Management and Budget has required, in the August 11, 2008, M-08-22 memorandum to Federal CIOs, that "Both industry and government information technology providers must use SCAP validated tools with FDCC Scanner capability to certify their products operate correctly with FDCC configurations and do not alter FDCC settings. Agencies will use SCAP tools to scan for both FDCC configurations and configuration deviations approved by department or agency accrediting authority. Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring."

The General Services Administration is requiring SCAP validation within blanket purchase agreements for vulnerability and configuration management products (Solicitation Number: Reference-Number-QTA0-08-HC-B-0003).

Product Vendor Product Name Validation Date
Rapid 7 Logo

Nexpose 6

Validation Record

Vendor Product

03/29/2017
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:
Product

View Tested Platforms

 

Microsoft Windows Vista, SP2, 32 bit

Microsoft Windows 7, SP1, 64 bit
Red Hat Enterprise Linux 5.11, 64 bit
Red Hat Enterprise Linux 5.11, 32 bit

Red Hat®, Inc.

OpenSCAP 1

Validation Record

Vendor Product

02/22/2017
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 6.8, 32 bit
Red Hat Enterprise Linux 6.8, 64 bit
Red Hat Enterprise Linux 7.2, 64 bit
ThreatGuard Logo

Secutor Compliance Automation Toolkit (S-CAT) 5

Validation Record

Vendor Product

12/13/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

 Module

View Tested Platforms

  Microsoft Windows XP Professional, SP3, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows 7, SP1, 32 bit
Microsoft Windows 7, SP1, 64 bit
Microsoft Windows 8.1, 32 bit
Microsoft Windows 8.1, 64 bit
Microsoft Windows Server 2012, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 6.7, 32 bit
Red Hat Enterprise Linux 6.7, 64 bit
Red Hat Enterprise Linux 7.2, 64 bit
SPAWAR Log

SCAP Compliance Checker 4

Validation Record

Vendor Product

08/26/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows Server 2012, 64 bit
Red Hat Enterprise Linux 6.8, 32 bit (x86)
Red Hat Enterprise Linux 7.2, 64 bit (x64)
IBM Logo

IBM BigFix Compliance 9.2

Validation Record

Vendor Product

06/09/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 5.11, 64 bit
Red Hat Enterprise Linux 5.11, 32 bit
Rapid 7 Logo

Nexpose 6

Validation Record

Vendor Product

05/09/2016
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows XP Professional SP3, 32 bit
Microsoft Windows Vista SP1, 32 bit
Microsoft Logo

SCAP Extensions for Microsoft System Center Configuration Manager 3.0

Validation Record

Vendor Product

09/28/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Tenable Logo

Security Center 5

Validation Record

Vendor Product

08/25/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.10, 64 bit
Red Hat Enterprise Linux 5.10, 32 bit
ThreatGuard Logo

Secutor Prime 5

Validation Record

Vendor Product

04/21/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows XP Professional SP3, 32 bit
Microsoft Windows Vista SP1, 32 bit
Qualys Logo

Qualys SCAP Auditor 1.2

Validation Record

Vendor Product

02/26/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Red Hat Enterprise Linux 5.10, 64 bit
Red Hat Enterprise Linux 5.10, 32 bit
SAINT Logo

SAINT Security Suite 8

Validation Record

Vendor Product

01/27/2015
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
BMC Logo

BMC Server Automation 8.6

Validation Record

Vendor Product

12/30/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Red Hat Enterprise Linux 5.9, 64 bit
IBM Logo

IBM Endpoint Manager 9

Validation Record

Vendor Product

10/24/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
BMC Logo

BMC Client Management 12.0.0

Validation Record

Vendor Product

09/26/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
Intel Security McAfee Logo

Policy Auditor 6.2

Validation Record

Vendor Product

09/17/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
Red Hat Logo

OpenSCAP 1.0

Validation Record

Vendor Product

04/17/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Red Hat Enterprise Linux 5.9, 64 bit
Red Hat Enterprise Linux 5.9, 32 bit
CIS Logo

CIS-CAT Pro Assessor (formerly Configuration Assessment Tool (CIS-CAT)) 3

Validation Record

Vendor Product

03/24/2014
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Microsoft Windows Vista, SP2, 32 bit
Microsoft Windows XP Pro, SP3, 32 bit
Red Hat Enterprise Linux 5, 64 bit
Red Hat Enterprise Linux 5, 32 bit
Tripwire Logo

Tripwire Enterprise 8

Validation Record

Vendor Product

11/07/2013
 

SCAP Capabilities:
ACS
CVE
OCIL

Product / Module Validation:

Product

View Tested Platforms

  Microsoft Windows 7, 64 bit
Microsoft Windows 7, 32 bit
Red Hat Enterprise Linux 5, 64 bit
Red Hat Enterprise Linux 5, 32 bit

NOTE: All SCAP 1.0 Validated Products Expired December 31, 2013.

Created November 06, 2017, Updated June 04, 2018