SOURCE: Citadel Security Software

June 01, 2005 08:00 ET

Citadel Security Software's Hercules Product Selected for NIST's Security Configuration Checklist for IT Products

Only Vulnerability Management Tool Included in First Release of Checklist

DALLAS, TX -- (MARKET WIRE) -- June 1, 2005 -- Citadel Security Software Inc. (NASDAQ: CDSS), a leader in enterprise vulnerability management and policy enforcement solutions for computer systems, today announced that its Hercules product has been selected for inclusion in the initial release of the National Institute for Standards and Technology ( NIST ) Security Configuration Checklist for IT Products in the vulnerability management category. The Computer Security Division of NIST in the United States Department of Commerce, in collaboration with the United States Department of Homeland Security, created the Security Configuration Checklist for IT Products to assist federal agencies with identifying proven products that meet the group's stringent security configuration guidelines in accordance with NIST Special Publication 800-53.

Following an evaluation and review process, Citadel Security Software's enterprise vulnerability management solution, Hercules, and its associated security configuration guide has been included in the vulnerability management category of the Checklist. Citadel joins other internationally recognized and industry leading technology companies such as Microsoft, IBM, Oracle, Cisco Systems, Juniper and Sun Microsystems, who are also participating in various categories of the Checklist program.

"The folks at NIST and particularly the Computer Security Division are an enormous resource to not only the federal government, but to all computer users. This effort to identify high quality and proven configuration guidelines for a variety of IT security tools and to provide access to a Checklist with that information is an important step toward improved information security for federal agencies and commercial organizations alike," stated Bob Dix, Citadel's Vice President for Government Affairs & Corporate Development and the former Staff Director for the House Government Reform Subcommittee on Technology and Information Policy. "Citadel congratulates NIST and the Computer Security Division on taking the initiative to evaluate and provide access to information about tools and products with the proven capability to improve the information security profile of federal agencies. We are pleased to support their efforts to provide leadership to the nation in critical infrastructure protection."

With the growing challenge of protecting information and data against inside and outside threats, Citadel has strong and growing collaborative relationships with multiple agencies and departments of the federal government. As a recognized industry leader in network and desktop vulnerability management and automated vulnerability remediation, Citadel applauds the efforts of agency leadership and particularly the talented CIOs and CISOs and their teams that are working diligently to operationalize IT security into the business processes and capital planning strategies of their organizations.

Hercules is widely recognized as the only vulnerability remediation solution in the marketplace that has been certified as Common Criteria EAL Level 3, recognized by the National Information Assurance Partnership (NIAP). Additionally, Hercules has been included as the only vulnerability remediation solution included in the SANS Institute's "What Works" in Internet Security program. Selection for the NIST Security Configuration Checklist provides further evidence of the commitment made by Citadel to the security and privacy of networks, systems, desktops and laptops in an effort to mitigate the challenges presented by all five major classes of exploitable vulnerabilities**.

**Unsecured accounts, misconfigurations, unnecessary services, backdoors, software defects

About NIST

Founded in 1901, the National Institute for Standards and Technology ( NIST ) is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. For more information about the Security Configuration Checklist for IT Products, visit

About Citadel

Citadel Security Software (NASDAQ: CDSS) delivers security solutions that enable organizations to manage risk, reduce threats and enforce compliance with security policies and regulations. Citadel's proven architecture provides a business process to manage the increasing volume, frequency and complexity of cyber security attacks. Citadel combines the world's largest active library of remediations spanning all classes of vulnerabilities with a proven delivery methodology to dramatically streamline vulnerability management and security compliance and provide ROI from the first use. Citadel solutions are used across the Department of Defense, at the Veterans Administration, and within other government and commercial organizations. For more information on Citadel, visit, or call 571-201-1000.

Safe Harbor/Forward-looking Statements:

This press release may contain forward-looking statements that are intended to be subject to the safe harbor protection provided by Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements relate to future events or future financial performance and involve known and unknown risks and uncertainties that may cause actual results or performance to be materially different from those indicated by any forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as "forecast," "may," "will," "could," "should," "anticipate," "expect," "plan," "believe," "potential" or other similar words indicating future events or contingencies. Some of the things that could cause actual results to differ from expectations are: the economic and geopolitical environment; changes in the information technology spending trends; the uncertainty of funding of government and corporate information technology security projects; the variability of the product sales cycle, including longer sales cycles for government and large commercial contracts; the uncertainty that the company's prospective deals will result in final contracts; the potential changes in the buying decision makers during a customer purchasing cycle; the complexities in scope and timing for finalization of contracts; the fluctuations in product delivery schedules; a lack of Citadel operating history; uncertainty of product development and acceptance; uncertainty of ability to compete effectively in a new market; the uncertainty of profitability and cash flow of Citadel; intellectual property rights and dependence on key personnel; economic conditions; the continued impact of terrorist attacks, global instability and potential U.S. military involvement; the competitive environment and other trends in the company's industry; the effects of inflation; changes in laws and regulations; changes in the company's business plans, including shifts to new pricing models that may cause delays in licenses; interest rates and the availability of financing; liability, legal and other claims asserted against the company; labor disputes; the company's ability to attract and retain qualified personnel; and adjustments to the amounts presented in the unaudited financial tables as a result of the completion of the audit process. For a discussion of these and other risk factors, see the company's Annual Report on Form 10-KSB for the year ended December 31, 2004 and the company's Quarterly Report on Form 10-Q for the quarter ended March 31, 2005. All of the forward-looking statements are qualified in their entirety by reference to the risk factors discussed therein. These risk factors may not be exhaustive. The company operates in a continually changing business environment, and new risk factors emerge from time to time. Management cannot predict such new risk factors, nor can it assess the impact, if any, of such new risk factors on the company's business or events described in any forward-looking statements. The company disclaims any obligation to publicly update or revise any forward-looking statements after the date of this report to conform them to actual results.

Editors Note: Citadel is a trademark and Hercules® is a registered trademark of Citadel Security Software

Contact Information