Xacta IA Manager works with USGCB scanners to automate the validation and compliance of systems against USGCB standards. It also supports the use of SCAP content to determine compliance with USGCB and other XCCDF checklists, as well as regulatory controls such as DOD 8500.2 and NIST 800-53.
Xacta IA Manager users can use this information as part of a system-based risk management effort and to create plans of action and milestones (POA&Ms) for the associated remediation. Additionally, collected XCCDF documents can be converted into reports for authoritative oversight systems such as CyberScope.
Configuration / Patch Management: BeyondTrust Retina, Shavlik, SolarWinds, VMware
SCAP is a government-led, multi-agency initiative to enable automation and standardization of technical security operations, such as policy compliance checking. SCAP is based on several evolving standards:
CVE — Standard nomenclature and dictionary of security-related software flaws
CCE — Standard nomenclature and dictionary of software misconfigurations
CPE — Standard nomenclature and dictionary for product naming and versioning
XCCDF — Standard XML for checklists and for reporting results of checklist evaluation
CVSS — Standard XML schema for vulnerability scoring
OVAL — Standard XML for defining configuration checks