Secure Elements Announces Industry’s First NIST SCAP Validated Tool for Federal Desktop Core Configuration (FDCC) Scanning, Monitoring, and Reporting

Share Article

C5 Compliance Platform industry’s first enterprise class audit & compliance solution validated by a NIST Accredited Independent Lab – mandated for March 31, 2008 FDCC Agency reporting deadline.

Secure Elements, the industry leader in standards-based IT audit and compliance management, today announced their C5 Compliance Platform as the industry’s first enterprise solution that has achieved the status of a NIST SCAP Validated Tool in their most stringent SCAP Validation Category – FDCC Scanning.

The Office of Management and Budget (OMB) has mandated that all government agencies implement the FDCC for all Microsoft XP and Vista desktops and laptops by February 1, 2008. Agencies must utilize a SCAP Validated Tool, when available, to verify and then continuously monitor the desktop configurations for FDCC compliance.

The C5 Compliance Platform, purpose built on the SCAP standards and in use by agencies in support of the OMB initiative for the past year, is now the first SCAP Validated Tool. Agencies site several key product differentiators for their selection of our solution:

  •     Enterprise Ready – Scans remote and distributed desktops with a single appliance – audits hosts through firewalls with NAT (Network Address Translation) enabled and when connected by a VPN to the enterprise – and does NOT alter FDCC security settings
  •     Solution that goes above and beyond the FDCC – includes out-of-the-box support to adapt and author agency-specific SCAP benchmarks - without requiring an XML editor
  •     Support for Agency Policies - Share NIST and Agency benchmarks across disparate servers in the enterprise – and aggregate compliance results – with 360 degree analysis
  •     Enterprise Architecture - built upon a services oriented architecture with full support for WS-I based web services for interoperability with other technologies
  •     Support for Auditing the “Non-Automated” controls – provides a complete solution, and integrates TODAY with FISMA Reporting solutions such as CSAM and others

Contracting officers, CIO’s, and CFO’s have offered additional benefits gained by selection the C5 Compliance Platform:

  •     No “extra fees” or “add on modules” for FDCC auditing – all inclusive within the platform
  •     No “extra fees” for the other leading applications (asset inventory management, policy management, vulnerability management, remediation) included within platform
  •     Ease of acquisition via preferred GSA schedule holders and SEWP IV GWAC vehicle

The next phase of the OMB mandate requires government agencies to submit their FDCC system audit result from their NIST SCAP Validated Tools to send to NIST for statistical analysis and review.

"The Federal Desktop Core Configuration mandate from the OMB is designed to ensure a secure baseline for stronger IT security and hardened Windows endpoint configurations. Secure Elements committed to supporting the standards that comprise SCAP more than 2 years ago - before the initiative was called SCAP," said Secure Elements’ CTO Andrew Bove. “We designed in support for auditing secure systems –- and eliminated the restrictions that limited the legacy network scanners –- so now you can scan your entire enterprise –- and trend your results over time -– without worrying about duplications due to DHCP or missing information for hosts that were powered down at the time of the scan.”

“Earning the first SCAP Validation is an achievement that we have worked towards for the last two years, and it demonstrates our dedicated support for the initiative,” said Scott Armstrong, Vice President of Marketing and Alliances at Secure Elements. “The C5 Compliance Platform went through a detailed technical analysis to attest to its ability to process the SCAP data streams, evaluate the Federal Desktop Core Configuration with 100% accuracy, and generate required reports. The certification is timely in order to support the March 31, 2008 deadline for reporting FDCC compliance.”

“The public-private partnerships developed between government and industry in bringing the SCAP Validated Tools and the FDCC initiatives together is evidence that progress is being made towards accountability in securing our infrastructure,” said Ned Miller, CEO of Secure Elements. “Industry and government must continue forward with initiatives addressing secure baselines for server technology, network infrastructure equipment and applications. We believe that SCAP based solutions are poised to evolve beyond security configuration compliance -- and will include other areas of systems and operational management -– such as compliance with energy efficient settings, and other regulatory initiatives such as HIPAA, SOX, PCI, and others.”    

About Secure Elements:
Secure Elements develops innovative standards based products that help organizations achieve IT security compliance. We enable organizations to audit, evaluate, and comply with internal, industry, and regulatory policies. Our solutions reduce business risk and IT management costs while improving systems performance and maintaining business continuity. Based in Northern Virginia, Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as the Global 1000.

Piper Conrad
On Behalf of Secure Elements
Phone: (703) 287-7820


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Piper Conrad
Visit website