Security Content Automation Protocol (SCAP) 1.2 Validation Testing

    The COACT Lab is a third party independent testing facility accredited by the National Voluntary Laboratory Accreditation Program (NVLAP Lab Code 200416-0) to perform SCAP 1.2 compliance testing. The SCAP compliance testing program is sponsored by the management of the National Institute of Standards and Technology (NIST). The COACT lab conducts specific tests that are contained in the SCAP Validation Program Derived Test Requirements Document (NIST 7511), on SCAP products and delivers the results to NIST. The SCAP Validation Program will validate the SCAP product under test based on those results.

    For FAQ’s covering the SCAP validation program, we recommend that you visit the Official SCAP FAQ page. Please feel free to use to contact form below if you have any questions on your validation needs.

    COACT is accredited to provide full SCAP 1.2 compliance testing on the following SCAP Capabilities:

    Authenticated Configuration Scanner

    • CVE Option (optional CVE support may be combined with ACS)
    • OCIL Option (optional OCIL support may be combined with ACS)

    COACT lab personnel have extensive knowledge on the following SCAP related standards:

        • AI: Asset Identification
        • ARF: Asset Reporting Format
        • CCE: Common Configuration Enumeration
        • CCSS: Common Configuration Scoring System
        • CPE: Common Platform Enumeration
        • CVE: Common Vulnerabilities and Exposures
        • CVSS: Common Vulnerability Scoring System
        • OVAL: Open Vulnerability and Assessment Language
        • OCIL: Open Checklist Interactive Language
        • XCCDF: Extensible Configuration Checklist Description Format
        • TMSAD: Trust Model for Security Automation Data

    The COACT SCAP Lab is configured to conduct SCAP testing on the following platforms:

    Windows:

        • Microsoft Windows XP Professional
        • Microsoft Windows Vista
        • Microsoft Windows 7, 32 and 64-bit
        • Microsoft Windows 8.1, 32 and 64-bit
        • Microsoft Windows Server 2012 R2, 64-bit

    Red Hat Enterprise Linux (RHEL):

        • RHEL 5, 32 and 64-bit
        • RHEL 6, 32 and 64-bit
        • RHEL 7, 32 and 64-bit

    Our Validation Effort

    Documentation Review

    COACT reviews all related SCAP documentation to ensure your complaint with all SCAP 1.2 standards.

    SCAP Testing

    Our virtual environment is already configured to specification for the most up-to-date version of the SCAP validation content.

    Any findings that are discovered throughout the SCAP validation process are logged and tracked using a Tester Observation Report (TOR) which enables COACT validators to identify deviations from expected results and provide an accurate point-in-time view of the validation process.

    Report write-up and Submission

    We have a great track record for submitting flawless validation reports which provides a quick turnaround to be certified and listed on the SCAP validated products list.

    COACTs SCAP 1.2 Validations

    CompanyProductSCAP VersionValidation Time
    Red HatOpenSCAP 1.12.31.22.5 Months
    SPAWARSCC 4.1.11.23 Months
    IBMIBM BigFix Compliance 9.21.22 Months
    BMCServer Automation 81.22 Months
    IBMEndpoint Manager 91.21 Month
    BMCClient Management 12.0.01.23 Months
    Intel SecurityPolicy Auditor 6.21.211 Months

    SCAP Validated Products

    Visit the NIST SCAP Validation Products Page for a complete list of SCAP 1.2 Validated Products.

    CONTACT US

    Company Name *

    Name *

    Email Address *

    Subject

    Your Message