Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

NIST Validation For Core Impact Pro

Core Security Technologies : 23 July, 2010  (New Product)
Penetration testing solution from Core Security Technologies gains Security Content Automation Protocol conformance approvals from the US National Institute of Standards and Technology
Core Security Technologies has announced that it's Core Impact Pro automated penetration testing solution has been officially validated by the National Institute of Standards and Technology (NIST) as conforming to the Security Content Automation Protocol (SCAP) and its component standards.

First conceived by NIST and the National Security Agency (NSA) as a common format for exchanging IT security data, SCAP specifically comprises a suite of specifications used for organizing and expressing security-related information in standardized manner.

Derived from input solicited from across the government sector, SCAP integrates a number of open standards used to enumerate software vulnerabilities and configuration issues to enable automated vulnerability management, measurement, and policy compliance evaluation - specifically related to mandates including the Federal Information Security Management Act (FISMA).

Impact Pro users can now export information in an XML format using SCAP standards to help with continuous monitoring, vulnerability data management and security assessment, thereby meeting their expanded interoperability needs and streamlining their overarching vulnerability management efforts.

"SCAP was created to help government organizations bridge their security assessment and vulnerability management efforts across multiple processes, technologies and solutions, and as Core Impact helps people lend greater speed and consistency to their work in identifying and addressing real-world risks, we're very proud to gain this validation from NIST," said Fred Pinkett, vice president of Product Management at Core. "We'll continue to embrace the standards and recommendations coming out of NIST and other influential government organizations to ensure that our customers feel confident that we're helping them stay ahead of their security testing requirements."

In support of SCAP, Impact Pro v10.5 incorporates the following data into its reports and is also able to export the data in XML format for use in centralized security databases:

* Common Vulnerabilities and Exposures (CVE) Numbers
* Common Vulnerability Scoring System (CVSS) Ratings
* Common Platform Enumeration (CPE)

NIST officials have also said repeatedly that their security automation agenda is far broader than the vulnerability management application of modern day SCAP, encompassing many different security activities and disciplines that can benefit from standardized expression and reporting of vulnerability data - including compliance, remediation, and network monitoring.

Industry leaders spanning both the public and private sectors have endorsed broader adoption of SCAP as an important opportunity for government organizations to markedly improve their ability to identify, test and remediate their critical points of IT risk.

"SCAP represents a significant step forward in strengthening the public/private partnership needed to improve our nation's cyber security," said Marcus Sachs, the executive director for National Security and Cyber Policy at Verizon who works closely with government and business stakeholders in Washington as part of the National Security/Emergency Preparedness (NS/EP) community.

"Neither the government, academia, nor the private sector can secure cyberspace by themselves, it really is a team effort," said Sachs, who is also secretary of the US Communications Sector Coordinating Council and director of the SANS Internet Storm Centre. "Initiatives like SCAP streamline the process of exchanging technical information between the organizations and companies working together to mutually protect all of us online."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo