Académique Documents
Professionnel Documents
Culture Documents
DATASHEET
uu Tripwire
Enterprise can evaluate SCAP 1.0, 1.1 and 1.2-based content processing in their environment using Tripwires next-generation agent running the OVAL scanner plug-in. Federal agencies can test their own content, DISA, USGCB or other SCAP-compliant content on their Windows and Red Hat platforms. This makes it easy to comply with SCAP 1.2 standards, measure and automate continuous monitoring programs and helps solve the interoperability problems inherent in enterprise security.
special language (based on XML files) called OVAL (Open Vulnerability Assessment Language). OVAL specifies the methods used in the assessment. Rules made in the SCAP OVAL format are more specific and complex than those normally found in Tripwire Enterprise. Format differences: SCAP is not proprietary, and in fact uses an open format for content interoperability called XCCDF (Extensible Checklist Configuration Description Format). That means SCAP tests and results can be used on any SCAP-validated product, and that different groups (i.e. government agencies) can share SCAP policies. CyberScope is the Office of Management and Budget standard format for reporting XCCDF data, which provides the ability to roll up compliance reporting from across government offices. Specificity: Unlike Tripwire Enterprises native configuration assessment capabilities, the new SCAP capabilities specify additional test states that include more than pass/ fail. Tests can be reported as error,
not applicable, unknown, and not evaluated. Open Source Content: Tripwire Enterprises SCAP feature imports SCAP content that is published freely from NIST and submitted by an open source volunteer community. As part of the new SCAP 1.2 functionality, Tripwire Enterprise users can easily import content bundles from NIST that assess their target machine against:
Once the tests have been executed against the target machine, Tripwire Enterprise users can easily examine detailed policy tests and export them in the common XCCDF format or ARF (Asset Recording Format). With Tripwire Enterprises new SCAP capabilities, users in federal government IT groups now have a solution that is a validated as an Authenticated Configuration Scanner along with the CVE option that makes it easy to assess security settings across their critical infrastructure. And because this capability is built on top of an industry-trusted solution for file integrity monitoring, policy management and automated
remediation, they have added assurance that their SCAP content is leveraged, in real time, to its fullest extent.
Windows XP system standards Windows Vista system standards Internet Explorer 7 implementations Windows firewall setting standards Red Hat Enterprise Linux
uu Tripwire
is a leading global provider of risk-based security and compliance management solutions that enable organizations to effectively connect security to the business. Tripwire delivers foundational security controls like security configuration management, file integrity monitoring, log and event management, vulnerability management, and security business intelligence with performance reporting and visualization. u
TESCAP2r 201306