Welcome

Welcome to the Secure Elements Secure Content Automation Protocol (SCAP) BLOG site. Our intention with this forum is to provide insight and share the latest news, events, technology advancements and experiences for those who are beginning their journey into the SCAP and Federal Desktop Core Configuration (FDCC) arena. Navigating the complex world of auditing and compliance can be very challenging. The Secure Elements’ team of professionals has been involved with SCAP and the FDCC since well before they had program names, and we hope to share our experiences with those now chartered with understanding the impact of the standards and those with implementation responsibilities. On this BLOG you will find views and opinions from our team, useful background information, reference links to the latest news and, most importantly, an “Ask the Expert” section where we will attempt to address any issue our readers choose to explore related to SCAP, the FDCC and FISMA. Thank you for visiting; we hope you find our BLOG useful and informative.

Submitted by: Ned Miller

FDCC – The Next Series of Milestones – March 31, 2008 Compliance Reports Due to OMB & NIST

The next phase of the OMB mandate requires government agencies to submit their FDCC system audit result sets – as exported from their NIST SCAP Validated Tools in SCAP-compliant formats – to NIST for statistical analysis and review. The reporting information should be sent to OMB at fisma@omb.eop.gov with a carbon copy to NIST at fdcc@nist.gov by March 31, 2008. An agency or department CIO must report compliance for that organization. Compliance is expressed as a roll-up of the compliant versus non-compliant computers. For non-compliant computers, CIOs must provide a representative sample of SCAP-based (XCCDF version 1.1.4) assessment reports. The FDCC XML reporting format is located at http://nvd.nist.gov/scap/content/fdcc-reporting_20080108.zip.

Submitted by: S. Armstrong

SCAP & FDCC Validation Process – NIST Accredited Lab

On the eve of the Feb 1, 2008 OMB mandate, Secure Elements C5 Platform went through a detailed technical analysis to attest to its ability to process the SCAP data streams and evaluate the Federal Desktop Core Configuration functionality and report production. The certification is timely in order to support the OMB March 31, 2008 deadline for reporting FDCC compliance. The public-private partnerships developed between government and industry, bringing the SCAP Validated Tools and the FDCC initiatives together, are evidence that progress is being made towards accountability in securing our infrastructure. Industry and government must continue forward with initiatives addressing secure baselines for server technology, network infrastructure equipment and applications. I believe that SCAP-based solutions are poised to evolve beyond security configuration compliance – and will include other areas of systems and operational management – such as compliance with energy-efficient settings, and other regulatory initiatives such as HIPAA, SOX, PCI, and others.

 

Submitted by: A Bove
