Security Content Automation Protocol (SCAP) 1.2 Validation Testing

    The COACT Lab is a third party independent testing facility accredited by the National Voluntary Laboratory Accreditation Program (NVLAP Lab Code 200416-0) to perform SCAP 1.2 compliance testing. The SCAP compliance testing program is sponsored by the management of the National Institute of Standards and Technology (NIST). The COACT lab conducts specific tests that are contained in the SCAP Validation Program Derived Test Requirements Document (NIST 7511), on SCAP products and delivers the results to NIST. The SCAP Validation Program will validate the SCAP product under test based on those results.

    For FAQ’s covering the SCAP validation program, we recommend that you visit the Official SCAP FAQ page. Please feel free to use to contact form below if you have any questions on your validation needs.

    COACT is accredited to provide full SCAP 1.2 compliance testing on the following SCAP Capabilities:

    Authenticated Configuration Scanner

    • CVE Option (optional CVE support may be combined with ACS)
    • OCIL Option (optional OCIL support may be combined with ACS)

    COACT lab personnel have extensive knowledge on the following SCAP related standards:

        • AI: Asset Identification
        • ARF: Asset Reporting Format
        • CCE: Common Configuration Enumeration
        • CCSS: Common Configuration Scoring System
        • CPE: Common Platform Enumeration
        • CVE: Common Vulnerabilities and Exposures
        • CVSS: Common Vulnerability Scoring System
        • OVAL: Open Vulnerability and Assessment Language
        • OCIL: Open Checklist Interactive Language
        • XCCDF: Extensible Configuration Checklist Description Format
        • TMSAD: Trust Model for Security Automation Data

    The COACT SCAP Lab is configured to conduct SCAP testing on the following platforms:


        • Microsoft Windows XP Professional
        • Microsoft Windows Vista
        • Microsoft Windows 7, 32 and 64-bit
        • Microsoft Windows 8.1, 32 and 64-bit
        • Microsoft Windows Server 2012 R2, 64-bit

    Red Hat Enterprise Linux (RHEL):

        • RHEL 5, 32 and 64-bit
        • RHEL 6, 32 and 64-bit
        • RHEL 7, 32 and 64-bit

    Our Validation Effort

    Documentation Review

    COACT reviews all related SCAP documentation to ensure your complaint with all SCAP 1.2 standards.

    SCAP Testing

    Our virtual environment is already configured to specification for the most up-to-date version of the SCAP validation content.

    Any findings that are discovered throughout the SCAP validation process are logged and tracked using a Tester Observation Report (TOR) which enables COACT validators to identify deviations from expected results and provide an accurate point-in-time view of the validation process.

    Report write-up and Submission

    We have a great track record for submitting flawless validation reports which provides a quick turnaround to be certified and listed on the SCAP validated products list.

    Validations Performed By COACT

    SCAP Compliance Checker 4

    Validation Record

    Vendor Product

    IBM BigFix Compliance 9.2

    Validation Record

    Vendor Product

    BMC Server Automation 8.6

    Validation Record

    Vendor Product

    IBM Endpoint Manager 9

    Validation Record

    Vendor Product

    BMC Client Management 12.0.0

    Validation Record

    Vendor Product

    Policy Auditor 6.2

    Validation Record

    Vendor Product

    SCAP Validated Products

    Visit the NIST SCAP Validation Products Page for a complete list of SCAP 1.2 Validated Products.


    Company Name *

    Name *

    Email Address *


    Your Message