We are excited to play a role in the further development of the standard and contributing our knowledge to the community regarding the use of CVSS in enterprise environments with SCAP-based solutions.
Herndon, VA (PRWEB) September 10, 2007
Secure Elements, the industry leader in standards-based IT audit and compliance management, today announced their selection to participate in the Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG) and their continued support of CVSS within the C5 Compliance Platform. Andrew Bove, CTO, and Scott Carpenter, Security Labs Director, have been invited to participate on the international Forum of Incident Response and Security Teams (FIRST) CVSS-SIG.
CVSS provides a universal open and standardized method for rating IT vulnerabilities. Compliance with this standard, CVSSv2 (Version 2.0), is now required as part of the NIST Security Content Automation Protocol (SCAP) as well as the Payment Card Industry (PCI) Data Security Standard.
To be considered compliant with the PCI Data Security Standard, a component must not contain any vulnerability that has been assigned a CVSS base score equal to or higher than 4.0 on a scale of 0 to 10. For FISMA compliance, NIST has published the NIST Interagency Report 7435 which provides guidance on the applicability of CVSS to Federal Agency Systems. Additionally, this report identifies the relationship to FIPS 199 Security Categories and its use with NIST SCAP data streams for automation of IT control auditing and measurement.
Secure Elements is the leading enterprise provider of SCAP-compliant tools designed to help agencies meet the OMB mandate for secure desktop configuration in addition to overall FISMA compliance. Use of SCAP-compliant tools to monitor systems for vulnerability and compliance management is currently projected to be used in standardizing and automating vulnerability management for many millions of computers, eventually rising to hundreds of millions.
“The scoring provided by CVSS plays a huge role in measuring compliance with the Federal Desktop Core Configuration for both software flaws and mis-configurations,” commented Scott Carpenter. “We are excited to play a role in the further development of the standard and contributing our knowledge to the community regarding the use of CVSS in enterprise environments with SCAP-based solutions.”
Secure Elements’ C5 Compliance Platform helps agencies automate the process of auditing, measuring, and reporting compliance of IT systems against the best practices embodied in the NIST SCAP XML content for OMB and FISMA compliance.
About Secure Elements:
Secure Elements develops innovative products that help organizations achieve IT security compliance. We enable organizations to audit, evaluate, and comply with internal, industry, and regulatory policies. Our solutions reduce business risk and IT management costs while improving systems performance and maintaining business continuity. Based in Northern Virginia, Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as the Global 1000. http://www.secure-elements.com
Contact: Piper Conrad
On Behalf of Secure Elements
Phone: (703) 287-7820