Tenable and SCAP 1.1
Tenable recently announced that SecurityCenter 4 has been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) version 1.0. The specifications for the latest version of SCAP, 1.1, have recently been released through NIST’s third public draft of Special Publication 800-126 Rev. 1, and the revision is currently open until January 28 for public comment on implementation, content or functional issues within the specification. Tenable is already focusing on the changes included in SCAP 1.1 and will incorporate them into both SecurityCenter and Tenable’s xTool, which is used to parse XCCDF SCAP content available from NIST and also convert SecurityCenter reports into the FDCC reporting format.
SCAP 1.1 plans to add the Open Checklist Interactive Language (OCIL) to the specification, as well as support the upgrade of the Open Vulnerability and Assessment Language (OVAL) to version 5.8. Other components of SCAP include the eXtensible Configuration Checklist Description Format (XCCDF), Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Common Platform Enumeration (CPE) and Common Configuration Enumeration (CCE). CVE IDs and CVSS scores are included in Nessus and PVS plugins, which allows for easier identification and risk assessment of vulnerabilities found during monitoring and compliance efforts.
As a finalized version of SCAP 1.1 approaches, government agencies and businesses in the private sector are looking to solidify their security posture and compliance with numerous standards (such as FDCC and USGCB for federal systems, and PCI DSS and HITRUST for the financial and medical sectors, respectively). According to SP 800-126, “SCAP is achieving widespread adoption by major software and hardware manufacturers and has become a significant component of large information security management and governance programs”. More information about how SecurityCenter 4 and the xTool can assist with these goals can be found on NIST’s product validation page for Tenable or by contacting Tenable’s sales team.
Related Articles
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
