SignaCert Announces Full Support of SCAP and FDCC

Share Article

SignaCert supports the current SCAP methods and lends its expertise in measurement and verification of FDCC binary images

SignaCert has the only solution available that can automatically prove that FDCC images remain deployed as intended over their lifetime.

SignaCert Inc. (, the leading provider of independent IT controls solutions, today announced its active support of the Security Configuration Automation Protocol (SCAP) and Federal Desktop Core Configuration (FDCC) mandates, as directed by the Office of Management and Budget (OMB). Using software measurement methods, SignaCert products can prove that federal systems under the OMB mandate are FDCC compliant to the binary level. SignaCert will provide standard baseline images for both Windows XP and Vista desktops at no additional charge with its Enterprise Trust Server (ETS), both as an appliance-based solution or a hosted service.

As an adjunct requirement under the Federal Information Security Management Act (FISMA), both SCAP and FDCC have been added to the list of FISMA compliance and reporting requirements for all Federal Agencies effective February 1, 2008. OMB, in conjunction standards and technical guidance from the National Institute of Standards (NIST), the Department of Defense (DOD) and the Department of Homeland Security (DHS) created and announced the new requirements in memo form on March 22 and June 1, 2007. Through the use of SCAP and FDCC, these and other agencies have worked to supplement FISMA with more standardized methods and prescriptive controls than before.

"With the foundation of a trusted platform, it is possible to definitively prove that the runtime data structure is as intended and authorized," said Amal Chaudhuri, president and COO of SignaCert. "SignaCert has the only solution available that can automatically prove that FDCC images remain deployed as intended over their lifetime."

While SCAP is intended to standardize the configuration controls for desktop systems subject to the OMB mandates, SignaCert goes one step further by verifying that the actual deployed binary image meets the prescribed image requirements under FDCC.

Additionally, SignaCert announced its partnership to support SCAP in partnership with Secure Elements on September 20, 2007, and expects to work with other existing and emerging vendors supporting the SCAP standards and methods.

The FDCC standard image validation templates can be specified when ordering the SignaCert Enterprise Trust Server (ETS).

About SignaCert Enterprise Trust Server
SignaCert's Enterprise Trust Server is an appliance-based solution that independently monitors the operating system, applications, platforms and other software companies against a known trusted reference. The benefit is improved visibility to ensure systems are deployed as intended down to a binary level, using a controlled specification, to help government agencies maintain systems and processes that are easier to audit and prove compliance by electronically verifying what the systems contain.

Background of FDCC and SCAP Mandates:
On July 31st, 2007, the National Institute of Standards and Technology (NIST) announced the open availability of VHDs (virtual hard disks) of the operating system images, the associated Group Policy Objects (GPOs), and Security Content Automation Protocol (SCAP) XML content for auditing software configurations against the Federal Desktop Core Configuration (FDCC) baseline for XP and Vista. On the same day, OMB announced that agencies must use tools that are verified as SCAP compliant when monitoring use of these configurations. Compliance by agencies is mandated by February 1, 2008.

About SignaCert
Founded in 2004 by industry veteran, Wyatt Starnes, SignaCert delivers independent IT controls that provide a deeper understanding into enterprise systems and prove applications are deployed as intended. The company's Enterprise Trust Server product enables business and government to measure, verify, and maintain the state of their technology infrastructure using a device-independent proactive approach that checks the operating system, applications, platforms, and other software against a known trusted reference. This independent monitoring increases availability of critical IT infrastructure, provides greater control, and fulfills critical compliance and auditing requirements to help organizations achieve operational excellence. SignaCert's products are available directly from the company. For more information, visit

SignaCert is a registered trademark of SignaCert, Inc. All other product and company names mentioned herein may be the trademarks of their respective owners.

Press Contact:
Marta George
SignaCert, Inc.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Marta George
Visit website