SOURCE: Lumension Security

July 14, 2008 18:15 ET

Lumension Security Achieves SCAP Validation for Accurate Assessment of FDCC Security Best Practices

Company's Comprehensive Vulnerability Management Solution Automates Configuration and Security Assessment to Meet Stringent Government Standards and Reduce Compliance Costs

SCOTTSDALE, AZ--(Marketwire - July 14, 2008) - Lumension Security™, Inc., a global leader in security management, today announced the Security Content Automation Protocol (SCAP) Scanner validation of the company's market-leading Vulnerability Management Solution. One of the first IT security providers to attain SCAP Validation from the National Institute of Standards and Technology (NIST), Lumension Security has achieved this validation in the stringent Federal Desktop Core Configuration (FDCC) Scanning category for its commitment to enforcing stronger security and hardened Windows endpoint configurations within the U.S. government IT environment.

"Like all government agencies, we are not only faced with specific, mandated endpoint configuration requirements but are required to use SCAP-validated tools to verify, validate and demonstrate compliance against FDCC requirements," said David Campbell, ASUS Program Manager, NASA. "Using SCAP-ready solutions is a priority for NASA, allowing us to reduce exposure to operational and financial risk by standardizing endpoint and application configurations based on industry best practices. Not only does the SCAP-validated Security Configuration solution reduce the cost of system and application maintenance, but it gives us a top-down baseline of the security environment for standardizing and automating risk management, compliance reporting and security measurement."

In March 2007, the U.S. Office of Management and Budget (OMB) mandated that all government organizations adopt FDCC best practice recommendations for Microsoft XP and Vista desktops and laptops. Federal agencies must utilize SCAP-validated tools to verify and then continuously monitor their desktop configurations for FDCC compliance.

In support of the OMB initiative, Lumension's Vulnerability Management Solution is designed on SCAP standards to securely and cost-effectively manage the entire vulnerability lifecycle. Features include:

--  Agent-based and agentless risk assessment of software flaws and
    configuration vulnerabilities
--  Accurate remediation
--  Continuous validation
--  Policy compliance reporting

The solution provides automated compliance reporting based on FDCC security best practices and supports interoperability between security technologies based on NIST's common security content format requirements. By achieving SCAP FDCC Scanner validation, Lumension guarantees accurate FDCC auditing for Federal agencies and prevents them from having to manually implement the mandated configuration requirements.

"By standardizing and automating secure configuration settings, government agencies not only benefit from significant security threat reduction, but also realize considerable cost savings from a decrease in system and application maintenance fees," said Steven Antone, vice president, federal solutions at Lumension Security. "With its SCAP validation, agencies can rely on Lumension's Vulnerability Management Solution as a cost-effective way to continuously monitor their systems, verify that the FDCC standardized settings have not been altered, and remediate both software and configuration vulnerabilities if necessary to mitigate the threats associated with mis-configured endpoints."

Lumension's Vulnerability Management Solution provides a comprehensive list of NIST's SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet a given standard. In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an organization's specific requirements. The solution streamlines this process by facilitating the simple importing and exporting of policies across multiple Vulnerability Management Servers, enabling the same policy documents to be shared by network scanner and agent-based assessment. This eliminates the need to manage and interpret a wide range of different policies and results from non-integrated scanners and agents.

More information about SCAP-validated products can be found at More information on Lumension's Vulnerability Management Solution is available at

About Lumension Security™, Inc.

Lumension Security™, formed by the combination of PatchLink® Corporation and SecureWave® S.A., is a recognized, global security management company, providing unified protection and control of enterprise endpoints for more than 5,100 customers and 14 million nodes worldwide. Leveraging its proven Positive Security Model, Lumension Security enables organizations to effectively manage risk at the endpoint by delivering best-of-breed, policy-based solutions that simplify the entire security management lifecycle. This includes automated asset discovery, vulnerability assessment, remediation and validation; security configuration management; application control and device control; extensive policy compliance reporting; and integration with leading network access control solutions. Headquartered in Scottsdale, Arizona, Lumension has offices worldwide. PatchLink, now Lumension, was founded in 1991 by Sean Moshir. More information can be found at

Lumension Security, the Lumension logo, PatchLink® and Sanctuary® are trademarks or registered trademarks of Lumension Security. All other trademarks are the property of their respective owners.
