Embed Size (px)
Citation preview
TRIPWIRE ENTERPRISE AND SECURITY CONTENT AUTOMATION PROTOCOL (SCAP)
uuTripwire Enterprise can evaluate SCAP 1.0, 1.1 and 1.2-based content processing in their environment using Tripwire’s next-generation agent running the OVAL scanner plug-in. Federal agencies can test their own content, DISA, USGCB or other SCAP-compliant content on their Windows and Red Hat platforms. This makes it easy to comply with SCAP 1.2 standards, measure and automate continuous monitoring programs and helps solve the interoperability problems inherent in enterprise security.
DATASHEET
RISK-BASED SECURITY MANAGEMENT SOLUTIONS
CONFIDENCE:SECURED
Security Content Automation Protocol (SCAP) is a set of standards and techni-cal specifications used by U.S. Federal Government agencies to standardize the assessment of their security posture. It employs several different security methods, standards and protocols, rang-ing from the way security content is delivered to the way individual policies are tested and evaluated. SCAP also represents a NIST (National Institute of Standards and Technology) compliance program that validates vendor products for their ability to perform security examinations of government IT systems. Tripwire is the first configuration secu-rity vendor to achive NIST certification for SCAP 1.2.
Tripwire has provided solutions of choice for performing exhaustive, detailed assessments of server and device security configurations for over 15 years. These new SCAP capabilities add to existing Tripwire® Enterprise core competencies to make an improved solution for man-aging cyber security—specifically for assessing FDCC (Federal Desktop Core Configuration) compatibility.
Built on Tripwire Enterprise’s trusted IT security platform, the new capabilities blend SCAP-aligned improvements with traditional Tripwire Enterprise strengths.
Differences between existing imple-mentations and new SCAP-enabled implementations include:
»Language differences: SCAP runs a special language (based on XML files) called OVAL (Open Vulnerability Assessment Language). OVAL specifies the methods used in the assessment. Rules made in the SCAP OVAL format are more specific and complex than those normally found in Tripwire Enterprise. »Format differences: SCAP is not proprietary, and in fact uses an open format for content interoperability called XCCDF (Extensible Checklist Configuration Description Format). That means SCAP tests and results can be used on any SCAP-validated product, and that different groups (i.e. government agencies) can share SCAP policies. CyberScope is the Office of Management and Budget standard format for reporting XCCDF data, which provides the ability to roll up compliance reporting from across gov-ernment offices. »Specificity: Unlike Tripwire Enterprise’s native configuration assessment capabilities, the new SCAP capabilities specify additional test “states” that include more than pass/fail. Tests can be reported as “error,”
“not applicable,” “unknown,” and “not evaluated.” »Open Source Content: Tripwire Enterprise’s SCAP feature imports “SCAP content” that is published freely from NIST and submitted by an open source volunteer community.
As part of the new SCAP 1.2 functional-ity, Tripwire Enterprise users can easily import content “bundles” from NIST that assess their target machine against:
»Windows XP system standards »Windows Vista system standards » Internet Explorer 7 implementations »Windows firewall setting standards »Red Hat Enterprise Linux
Once the tests have been executed against the target machine, Tripwire Enterprise users can easily examine detailed policy tests and export them in the common XCCDF format or ARF (Asset Recording Format).
With Tripwire Enterprise’s new SCAP capabilities, users in federal govern-ment IT groups now have a solution that is a validated as an Authenticated Configuration Scanner along with the CVE option that makes it easy to assess security settings across their critical infrastructure. And because this capabil-ity is built on top of an industry-trusted solution for file integrity monitoring, policy management and automated
remediation, they have added assurance that their SCAP content is leveraged, in real time, to its fullest extent.
©2013 Tripwire, Inc. Tripwire is a registered trademarks of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved.
uu Tripwire is a leading global provider of risk-based security and compliance management solutions that enable organizations to effectively connect security to the business. Tripwire delivers foundational security controls like security configuration management, file integrity monitoring, log and event management, vulnerability management, and security business intelligence with performance reporting and visualization. uuu
LEARN MORE AT WWW.TRIPWIRE.COM OR FOLLOW US @TRIPWIREINC ON TWITTER.
TESCAP2r 201306
