CONFIDENCE: SECURED

DATASHEET

uu Tripwire

Enterprise can evaluate SCAP 1.0, 1.1 and 1.2-based content processing in their environment using Tripwires next-generation agent running the OVAL scanner plug-in. Federal agencies can test their own content, DISA, USGCB or other SCAP-compliant content on their Windows and Red Hat platforms. This makes it easy to comply with SCAP 1.2 standards, measure and automate continuous monitoring programs and helps solve the interoperability problems inherent in enterprise security.

TRIPWIRE ENTERPRISE AND SECURITY CONTENT AUTOMATION PROTOCOL (SCAP)

Security Content Automation Protocol (SCAP) is a set of standards and technical specifications used by U.S. Federal Government agencies to standardize the assessment of their security posture. It employs several different security methods, standards and protocols, ranging from the way security content is delivered to the way individual policies are tested and evaluated. SCAP also represents a NIST (National Institute of Standards and Technology) compliance program that validates vendor products for their ability to perform security examinations of government IT systems. Tripwire is the first configuration security vendor to achive NIST certification for SCAP 1.2. Tripwire has provided solutions of choice for performing exhaustive, detailed assessments of server and device security configurations for over 15 years. These new SCAP capabilities add to existing Tripwire Enterprise core competencies to make an improved solution for managing cyber securityspecifically for assessing FDCC (Federal Desktop Core Configuration) compatibility. Built on Tripwire Enterprises trusted IT security platform, the new capabilities blend SCAP-aligned improvements with traditional Tripwire Enterprise strengths. Differences between existing implementations and new SCAP-enabled implementations include:

Language differences: SCAP runs a

special language (based on XML files) called OVAL (Open Vulnerability Assessment Language). OVAL specifies the methods used in the assessment. Rules made in the SCAP OVAL format are more specific and complex than those normally found in Tripwire Enterprise. Format differences: SCAP is not proprietary, and in fact uses an open format for content interoperability called XCCDF (Extensible Checklist Configuration Description Format). That means SCAP tests and results can be used on any SCAP-validated product, and that different groups (i.e. government agencies) can share SCAP policies. CyberScope is the Office of Management and Budget standard format for reporting XCCDF data, which provides the ability to roll up compliance reporting from across government offices. Specificity: Unlike Tripwire Enterprises native configuration assessment capabilities, the new SCAP capabilities specify additional test states that include more than pass/ fail. Tests can be reported as error,

RISK-BASED SECURITY MANAGEMENT SOLUTIONS

not applicable, unknown, and not evaluated. Open Source Content: Tripwire Enterprises SCAP feature imports SCAP content that is published freely from NIST and submitted by an open source volunteer community. As part of the new SCAP 1.2 functionality, Tripwire Enterprise users can easily import content bundles from NIST that assess their target machine against:

Once the tests have been executed against the target machine, Tripwire Enterprise users can easily examine detailed policy tests and export them in the common XCCDF format or ARF (Asset Recording Format). With Tripwire Enterprises new SCAP capabilities, users in federal government IT groups now have a solution that is a validated as an Authenticated Configuration Scanner along with the CVE option that makes it easy to assess security settings across their critical infrastructure. And because this capability is built on top of an industry-trusted solution for file integrity monitoring, policy management and automated

remediation, they have added assurance that their SCAP content is leveraged, in real time, to its fullest extent.

Windows XP system standards Windows Vista system standards Internet Explorer 7 implementations Windows firewall setting standards Red Hat Enterprise Linux

uu Tripwire

is a leading global provider of risk-based security and compliance management solutions that enable organizations to effectively connect security to the business. Tripwire delivers foundational security controls like security configuration management, file integrity monitoring, log and event management, vulnerability management, and security business intelligence with performance reporting and visualization. u

LEARN MORE AT WWW.TRIPWIRE.COM OR FOLLOW US @TRIPWIREINC ON TWITTER.

2013 Tripwire, Inc. Tripwire is a registered trademarks of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved.

TESCAP2r 201306