Security Content Automation Protocol (SCAP) is a suite of open standards that enumerates software flaws, security related configuration issues, and product names; measures systems to determine the presence of vulnerabilities; and provides mechanisms to rank (score) the results of these measurements in order to evaluate the impact of the discovered security issues. SCAP defines how these standards are used in unison to accomplish these capabilities.
 
SCAP validation focuses on evaluating specific versions of vendor products, based on the platforms they support.  Validation certificates will be awarded on a platform-by-platform basis for the version of the product that was validated. Currently, official SCAP content is primarily focused on Windows operating systems. Thus, vendors seeking validation will be evaluated based on the ability of the product to operate on the Windows target platform. 
 
The SCAP Validation Program tests a product's ability to use the features and functionality available through one or more of the 12 SCAP capabilities and/or the 6 individual component standards.  Please see the ICSA Labs CST SCAP - Info Sheet document for more information.                                         
 
Under the SCAP Validation Program, independent laboratories are accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Accreditation requirements are defined in NIST Handbook 150, and NIST Handbook 150-17.  Independent laboratories conduct the tests contained in this document on information technology (IT) security products and deliver the results to NIST. Based on the independent laboratory test report, the SCAP Validation Program then validates the product under test based on the independent laboratory test report. The validation certificates awarded to vendor products will be publicly posted on the NIST SCAP Validated Tools web page (http://nvd.nist.gov/scapproducts.cfm). Vendors of validated products will be provided with a logo that can be used to indicate a product's validation status.
 
For additional information about ICSA Labs' SCAP Program or to schedule testing, please email us, or call:

Harry Brittain    Senior Account Executive                   717.790.8111

Dick Buehler     Senior Account Executive                   717.790.8112
Mike Haas         Vendor Services Account Executive   717.790.8161

Steve Ratcliffe   CST Lab Manager                               717.790.8127