Qualys Blog

www.qualys.com

QualysGuard SCAP Validation

The National Institute of Standards and Technology (NIST) has re-validated the QualysGuard® FDCC service as conforming to the following SCAP capabilities:

  • FDCC Scannernist-logo
  • Authenticated Configuration Scanner
  • Authenticated Vulnerability and Patch Scanner
  • Unauthenticated Vulnerability Scanner

With the growing adoption of the Security Content Automation Protocol (SCAP), the QualysGuard® FDCC service is committed to supporting the Federal Desktop Core Configuration (FDCC) and has added support for the United States Government Configuration Baseline (USGCB).  Government agencies and industry should use the SCAP-validated QualysGuard® FDCC service to test and assess compliance with FDCC and USGCB standards.

FDCC

What is the Federal Desktop Core Configuration?

In March 2007, the Office of Management and Budget (OMB) Memorandum M-07-11 announced the "Implementation of Commonly Accepted Security Configurations for Windows Operating Systems", directing agencies who have Windows XP deployed and/or plan to upgrade to the Windows Vista operating system to adopt the Federal Desktop Core Configuration (FDCC) security configurations. On June 20, 2008, the National Institute of Standards and Technology (NIST) published the updated FDCC Major Version 1.0 settings release. FDCC is comprised of settings that can be checked using the updated Security Content Automation Protocol (SCAP) content and SCAP-validated tools with FDCC Scanning capability as specified by NIST.

USGCB

What is the United States Government Configuration Baseline? How does it differ from FDCC?

In May 2010, the Architecture and Infrastructure Committee of the CIO Council announced the United States Government Configuration Baseline (USGCB) settings for Windows 7 and Internet Explorer 8. The USGCB is a further clarification of the Federal Desktop Core Configuration (FDCC); specifically, the USGCB initiative falls within FDCC and comprises the configuration settings component of FDCC. To assist in implementation, NIST will release the supporting Security Content Automation Protocol (SCAP) content for all USGCB settings.

QualysGuard® FDCC Service

The QualysGuard® FDCC service is the first certified cloud based computing solution for FDCC compliance.  It allows federal agencies to scan and report compliance with the FDCC and USGCB requirements through a centralized, integrated solution leveraging the QualysGuard® Software-as-a-Service (SaaS) architecture. The QualysGuard® Scanner Appliances support FDCC and USGCB scanning for internal systems on a global scale.

The QualysGuard® FDCC service is validated by NIST as conforming to SCAP and its component standards. The QualysGuard® FDCC service currently supports the following SCAP content:

  • FDCC: Windows XP
  • FDCC: Windows XP Firewall
  • FDCC: Windows Vista
  • FDCC: Windows Vista Firewall
  • FDCC: Internet Explorer 7
  • USGCB: Windows 7
  • USGCB: Windows 7 Firewall
  • USGCB: Internet Explorer 8

Leave a Reply