SignaCert Renews NIST SCAP Validation for Product Suite

January 15, 2012

SignaCert Renews NIST Security Content Automation Protocol (SCAP) Validation

Portland, OR – Continuing its leadership position in providing next-generation compliance validation, SignaCert's Enterprise Trust Server version 4.0 renewed its SCAP validation. The SCAP program is a U.S. government initiative to enable automation and standardization of technical security operations.

SignaCert provides a NIST-validated solution that enables customers to centrally manage, assess, and report on the compliance of their enterprise. SignaCert is an authenticated configuration scanner, a validated FDCC scanner, and a vulnerability and patch scanner. With this functionality, customers can utilize security checklists and benchmarks such as USGCB (US Government Configuration Baseline), DISA STIGs (Security Technical Implementation Guides), Microsoft Security Compliance benchmarks, and any other checklists or vulnerability definitions in SCAP-compliant formats.

When assessing system security, vulnerability, and configuration posture, the Enterprise Trust Server utilizes information from XCCDF (Extensible Configuration Checklist Description Format), OVAL (Open Vulnerability Assessment Language), CVE (Common Vulnerabilities and Exposures), CCE (Common Configuration Enumeration), CPE (Common Platform Enumeration), and CVSS (Common Vulnerability Scoring System).

SignaCert extends SCAP's traditional compliance-centric capabilities by providing robust file integrity monitoring (FIM) validation, supplemented by rich known-provenance whitelist content from SignaCert's Global Trust Repository (GTR). This combination greatly enhances software supply chain confidence on all IT platforms, increasing the security and efficacy of managed systems.

SCAP Background:

SCAP is rapidly emerging as the de facto government standard method for IT systems management and security. SCAP encompasses NIST 800-53, CAG (Consensus Audit Guidelines) and DoD (Department of Defense) best practices as well as market experience from the initial FDCC (Federal Desktop Core Configuration) implementation for FISMA.

Presently, most IT audit and C&A (Certification & Accreditation) regulations require IT system conformance checks every few weeks or even months, creating a significant exposure window for these systems. Further, many regulations and standards are narrowly focused primarily on configuration, vulnerability and risk issues.

With the 4.0 release of SignaCert's Enterprise Trust Server, customers can ensure that all systems maintain compliance against file system, registry, database, and system/security configuration policies, whether internally derived or government and industry mandated.

About SignaCert

SignaCert is the leading provider of end-to-end and partner-based IT compliance solutions based on known-provenance technology. These methods allow SignaCert's direct customers to rapidly achieve and prove continuous compliance for the systems that deliver critical business services. The SignaCert architecture is designed to seamlessly integrate with existing change processes and continuously monitor critical business services without disruption.

Founded in 2004 by 38-year IT security and compliance industry veteran Wyatt Starnes, SignaCert has assembled a world-class team of industry leaders with hands-on IT experience.

SignaCert's end-customers span a wide variety of industries, including financial services, government, and healthcare.