SCAP Compliance
The Security Content Automation Protocol (SCAP) is a specification established by the U.S. National Institute of Standards and Technology (NIST) for expressing and manipulating security data in standardized ways. Currently, SCAP can enumerate product names and vulnerabilities (both software flaws and configuration issues); identify the presence of vulnerabilities; and assign severity scores to software flaw vulnerabilities.
SAINT Support for SCAP
SAINT supports the Security Content Automation Protocol (SCAP) specification as an Unauthenticated Vulnerability Scanner and as an Authenticated Vulnerability and Patch Scanner. SAINT supports the SCAP requirements defined for each of these components in NIST SP 800-126, the SCAP specification for these capabilities. SAINT's support for the open-standard languages, enumerations and metrics applicable to both unauthenticated and authenticated scanners currently includes OVAL, XCCDF, CPE, CVE, and CVSS. These are discussed below.
OVAL
Open Vulnerability and Assessment Language (OVAL) is an international information security standard that promotes open and publicly available security content and standardizes the transfer of this information across the entire spectrum of security tools and services. SAINT supports the OVAL Adoption Program as a Vulnerability Scanner, providing the capabilities of both a Definition Evaluator and a System Characteristics Producer.
XCCDF
XCCDF (Extensible Configuration Checklist Description Format) is a specification language, defined by NIST, for writing security checklists, benchmarks, and related types of documents. Security checklists (benchmarks) can be downloaded from http://scap.nist.gov/content; these data streams can then be imported into SAINT to run an XCCDF scan.
CPE
Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages.
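As an added illustration of the CPE naming scheme (example code written for this page, not SAINT's own), the following Python parses CPE 2.3 formatted strings and checks whether a scanned platform's CPE falls within a vulnerability's applicability CPE, which is how a SCAP scanner correlates CVE records with the software it has enumerated. The vendor, product and version values are constructed, and the `*`/`?` wildcard handling is a simplification of the full CPE name-matching specification.

```python
import re
# Attribute order of a CPE 2.3 formatted string.
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(name: str) -> dict:
    """Split a CPE 2.3 formatted string into its eleven attributes.
    A colon preceded by a backslash is quoted and stays inside the value."""
    if not name.startswith("cpe:2.3:"):
        raise ValueError("not a CPE 2.3 formatted string")
    parts = re.split(r"(?<!\\):", name[len("cpe:2.3:"):])
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} attributes, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def _to_regex(value: str) -> str:
    """Turn an applicability value into a regex: unquoted '*' and '?' are
    wildcards, a backslash-quoted character is taken literally."""
    out, i = "", 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out += re.escape(value[i + 1])
            i += 2
        else:
            out += {"*": ".*", "?": "."}.get(value[i], re.escape(value[i]))
            i += 1
    return f"^{out}$"

def attribute_matches(vuln: str, target: str) -> bool:
    """Compare one attribute of a vulnerability's CPE with the scanned platform's."""
    if vuln == "*":                      # ANY in the applicability statement
        return True
    if vuln == "-" or target in ("*", "-"):
        return vuln == target            # NA only matches NA; an unknown target never matches
    return re.match(_to_regex(vuln), target, re.IGNORECASE) is not None

def platform_matches(vuln_cpe: str, target_cpe: str) -> bool:
    """True when every attribute of the scanned platform satisfies the vulnerability's CPE."""
    vuln, target = parse_cpe23(vuln_cpe), parse_cpe23(target_cpe)
    return all(attribute_matches(vuln[f], target[f]) for f in FIELDS)

# Constructed sample names: a CVE's affected version range and two scanned hosts.
AFFECTED = "cpe:2.3:a:example_corp:webserver:2.4.*:*:*:*:*:*:*:*"
HOST_A = "cpe:2.3:a:example_corp:webserver:2.4.17:-:*:*:*:linux:x64:*"
HOST_B = "cpe:2.3:a:example_corp:webserver:2.5.0:-:*:*:*:linux:x64:*"

if __name__ == "__main__":
    for host in (HOST_A, HOST_B):
        print(host, "->", "affected" if platform_matches(AFFECTED, host) else "not affected")
```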
CVE
Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known information security vulnerabilities and exposures.
CVSS
Common Vulnerability Scoring System (CVSS) is an open, standardized framework for rating information technology vulnerabilities and for communicating their characteristics and impacts.