Xacta IA Manager: USGCB-SCAP support for greater assurance of your security posture.

xacta_ia_manager_internal  Request for a product demo
  • Simplify asset configuration compliance auditing to ensure compliance with U.S. Government Configuration Baseline (USGCB) checklists for Windows XP, Vista and Microsoft 7 platforms

  • Streamline the collection of information needed to evaluate, measure, and report IT risk and compliance

  • Utilizes the CPE, CVE, and CCE standards for identifying  assets, vulnerabilities, and configuration settings

  • Import XCCDF-formatted output files containing configuration check results

Xacta IA Manager works with USGCB scanners to automate the validation and compliance of systems against USGCB standards and supports the use of SCAP content to determine compliance with USGCB and other XCCDF checklists as well as regulatory controls such as DOD 8500.2 and NIST 800-53.

Xacta IA Manager users can utilize this information as part of a system-based risk management effort, as well as create plans of actions and milestones (POA&Ms) for the associated remediation.  Additionally, collected XCCD documents can be converted into reports to authoritative oversight systems such as CyberScope.

Xacta IA Manager is able to work with SCAP-compliant tools such as:

Security Configuration / Vulnerability Scanners:  eEye Retina, nCircle, Nessus, Tenable, Rapid7

Intrusion Detection Systems: Cisco, Juniper, SourceFire, StrataGuard

Vulnerability Databases: NVD, CERT, Open Source Vulnerability Database

Asset Management Tools: Altiris; BMC; Microsoft SCCM Suite; Tivoli 

Policy Framework Tools: LogLogic, NetIQ Sentinel, SolarWinds

Configuration / Patch Management: eEye Retina, Shavlik, SolarWinds, VMware


SCAP is a government-led, multi-agency initiative to enable automation and standardization of technical security operations, such as policy compliance checking. SCAP is based on several evolving standards:

CVE -- Standard nomenclature and dictionary of security related software flaws
CCE -- Standard nomenclature and dictionary of software misconfigurations
CPE -- Standard nomenclature and dictionary for product naming and versioning
XCCDF -- Standard XML for checklists and for reporting results of checklist evaluation
CVSS -- Standard XML schema for vulnerability scoring
OVAL -- Standard XML for defining configuration checks