
Xacta IA Manager: USGCB-SCAP support for greater assurance of your security posture.


  • Simplify asset configuration compliance auditing to ensure compliance with U.S. Government Configuration Baseline (USGCB) checklists for Windows XP, Vista and Microsoft 7 platforms

  • Streamline the collection of information needed to evaluate, measure, and report IT risk and compliance

  • Utilize the CPE, CVE, and CCE standards for identifying assets, vulnerabilities, and configuration settings

  • Import XCCDF-formatted output files containing configuration check results

Xacta IA Manager works with USGCB scanners to automate the validation and compliance of systems against USGCB standards and supports the use of SCAP content to determine compliance with USGCB and other XCCDF checklists as well as regulatory controls such as DOD 8500.2 and NIST 800-53.

Xacta IA Manager users can utilize this information as part of a system-based risk management effort, as well as create plans of action and milestones (POA&Ms) for the associated remediation. Additionally, collected XCCDF documents can be converted into reports to authoritative oversight systems such as CyberScope.

Xacta IA Manager is able to work with SCAP-compliant tools such as:

Security Configuration / Vulnerability Scanners:  eEye Retina, nCircle, Nessus, Tenable, Rapid7

Intrusion Detection Systems: Cisco, Juniper, SourceFire, StrataGuard

Vulnerability Databases: NVD, CERT, Open Source Vulnerability Database

Asset Management Tools: Altiris; BMC; Microsoft SCCM Suite; Tivoli 

Policy Framework Tools: LogLogic, NetIQ Sentinel, SolarWinds

Configuration / Patch Management: eEye Retina, Shavlik, SolarWinds, VMware



SCAP is a government-led, multi-agency initiative to enable automation and standardization of technical security operations, such as policy compliance checking. SCAP is based on several evolving standards:

CVE -- Standard nomenclature and dictionary of security-related software flaws
CCE -- Standard nomenclature and dictionary of software misconfigurations
CPE -- Standard nomenclature and dictionary for product naming and versioning
XCCDF -- Standard XML for checklists and for reporting results of checklist evaluation
CVSS -- Standard XML schema for vulnerability scoring
OVAL -- Standard XML for defining configuration checks