NIST launches Web site to validate software security tools for federal IT

Published 8 February 2008

In recent years, the U.S. government has increased the security requirements for federal information systems; to make it easier for IT staff at federal agencies to maintain their systems’ security, NIST, DOD, DHS, and the MITRE Corporation recently introduced a technical framework called the Security Content Automation Protocol (SCAP).

A new Web site launched by the National Institute of Standards and Technology (NIST) can help federal information systems managers maintain the security of their systems by providing a list of software security tools that have been validated for correct performance. In recent years, the U.S. government has significantly increased the security requirements for federal information systems. To make it easier for IT staff at federal agencies to maintain their systems’ security, NIST, in collaboration with the Department of Defense (DOD), DHS, and the MITRE Corporation, recently introduced a technical framework called the Security Content Automation Protocol (SCAP). SCAP provides technical specifications for identifying, enumerating, assigning, and sharing security-related data. SCAP supports the automation of security operations in information systems for the purpose of improving the operations’ efficiency and effectiveness. Software vendors have been developing SCAP-based tools, but how do government customers know that their tools are using SCAP correctly?

The new NIST Web page lists software tools that have been validated by external testing labs as processing SCAP correctly. Listing validated SCAP tools is intended to make it easier for government agencies to take advantage of SCAP’s capabilities and to ensure compliance with federally mandated computer security standards. The NIST site will be updated regularly.