Tripwire Announces the First SCAP 1.2 Validated Scanner in Tripwire Enterprise

Share Article

New continuous diagnostics and mitigation solution processes native SCAP content.

News Image
We are excited to be the first vendor to earn this important validation.

Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Security Content Automation Protocol (SCAP) 1.2 validation for Tripwire Enterprise® version 8.3.2 on Red Hat and Windows platforms. Tripwire is the first configuration scanning vendor to complete SCAP 1.2 validation under NIST’s National Voluntary Laboratory Accreditation Program (NVLAP). The validation was performed by SAIC.

Federal government agencies are under immense pressure to improve cyber security through an increased focus on risk management initiatives, such as Continuous Diagnostics and Mitigation (CDM) and Federal Information Security Management Act (FISMA) compliance.

"We are excited to be the first vendor to earn this important validation," said John Klein, federal director for Tripwire. "Tripwire has been a strong supporter of government security standards for over 15 years and we’re committed to delivering continuous diagnostics and mitigation solutions that help government agencies and contractors become both compliant and secure."

The SCAP standard drives continuous monitoring because it organizes, measures and automates a wide range of cyber security information. SCAP has been adopted by many commercial firms that do business with the federal government and private sector firms are adopting it to solve large-scale policy management problems.

Tripwire Enterprise provides comprehensive SCAP scanning and CyberScope reporting solutions. Tripwire Enterprise version 8.3.2 includes a next-generation policy engine that processes native SCAP 1.2 content using the Open Vulnerability and Assessment Language (OVAL) standard.

Key features include:

  • Full support for SCAP 1.0, 1.1 and 1.2 content.
  • Full support for OVAL including the Extensible Configuration Checklist Format (XCCDF) and Asset Reporting Format (ARF) output.
  • Allows customers to test SCAP compliant content from DISA, USGCB as well as proprietary content.

For more information on Tripwire’s government solutions please visit

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Eva Hanscom
Visit website