SCAP Compliance Checker SCC Tool 3.1.2

 

SCAP Compliance Checker SCC
SCAP Compliance Checker (SCC)

SPAWAR Systems Center Atlantic has released an updated version to the SCAP Compliance Checker SCC Tool.  The updated features include recent DISA STIG content for both Windows and Red Hat systems and NIST USGCB patch content.  In addition, several defects have been resolved in the 3.1.2 release.

SCAP Content
+ AIX
+ Dot Net Framework
+ Google Chrome
+ HP-UX
+ Internet Explorer Benchmarks
+ Red Hat
+ Solaris
+ Windows 8 Benchmarks
+ Windows 2008 R2 Benchmarks
+ Windows 2008 Benchmarks
+ Windows 2003 Benchmarks
+ Windows 7 Benchmarks
+ XP Benchmarks
+ Vista Benchmarks
+ Audit
+ SCAP Tools

The SCAP Tools are located at http://iase.disa.mil/stigs/scap/index.html#scc

 Security Content Automation Protocol (SCAP) Windows Benchmarks

DISA Field Security Operations (FSO) is releasing updated automated compliance benchmarks for Windows Operating Systems outside of the normal quarterly release schedule.  The latest benchmarks will correct a problem with importing the content into the HBSS Policy Auditor tool. The Benchmarks are located at http://iase.disa.mil/stigs/scap/index.html

 

More on the feature of SPAWAR SCAP Compliance Checker SCC Tool:

Primary Features:

  • No per seat license costs for Federal government/contractor computers
  • Performs compliance scanning using SCAP content
  • Performs vulnerability scanning using OVAL content
  • Performs manual interview checks using OCIL content
  • Creates XCCDF XML results
  • Creates OVAL XML results
  • Creates ARF XML results
  • Creates Cyberscope Autofeed XML results
  • Creates HTML and text based single computer reports
  • Creates HTML and spreadsheet based multi-computer summary reports
  • Allows for installation of custom SCAP and OVAL content
  • Allows for automatic downloading of updated patch content from Internet/Intranet
  • Allows for organizational deviations
  • Allows for organizationally defined compliance thresholds
  • Has graphical and command line interfaces
  • Native executables per platform (no runtime requirements such as Java
Tags : diarmf - implementrmfrmf assessmentrmf implementationSCAP Compliance Checkerscap compliance toolscap toolscc
Bruce Brown

The author Bruce Brown

I have done a lot of work with Risk Management Framework for DoD IT (formerly DIACAP,DITSCAP). I noticed there was not a lot of information for security engineers on the nuts and bolts of it, so i started writing it down. security is just a hobby. my real job is to help humanity out of poverty (information & financial poverty). I am sure we can do it together maybe rmf will help humanity. ;p the internet maybe our greatest hope, we should keep it safe.

2 Comments

  1. When will your tool be SCAP 1.2 compliant? Since 1.0 tools expired on Dec 31, 2013 under NIST validation it leaves a lean field of choices for validated scanners.

    1. Hey Bill,
      We don’t own SCC Tool. Its SPARWAR’s baby: http://www.public.navy.mil/spawar/Atlantic/ProductsServices/Pages/SCAP.aspx

      I think you can get an updated (SCAP 1.2 compliant) copy on iase.disa.mil under SCAP TOOLS (check the drop down.. i think that is all 2014 stuff) http://iase.disa.mil/stigs/scap/index.html
      I cannot access those tools

      more:
      http://scap.nist.gov/validation/

      Approved Validation Programs According to NIST (all use SCAP 1.2):
      https://nvd.nist.gov/SCAP-Validated-Tools/

      slides on SCAP 1.2
      http://scap.nist.gov/events/2011/itsac/presentations/day2/Scarfone%20-%20SCAP%201.2%20Overview.pdf

Leave a Response