December 16, 2008 11:47 ET

NIST Certification Greenlights BigFix Security Configuration Management as End-to-End FDCC Solution

Real-Time Configuration Assessment and Automated Remediation at Government Scale

EMERYVILLE, CA--(Marketwire - December 16, 2008) - BigFix, Inc., a leader in high-performance enterprise systems and security management solutions, reports that its Security Configuration Management product has achieved another critical Secure Content Automation Protocol (SCAP) validation from the National Institute of Standards and Technology (NIST). The SCAP validation enables BigFix and designated system integrator and reseller partners to supply BigFix Security Configuration Management as an end-to-end solution to comply with Federal Desktop Core Configuration (FDCC) standards mandated by the Office of Management and Budget (OMB). BigFix becomes one of very few vendors to have achieved SCAP certification for Misconfiguration Remediation, and is the only one to bring BigFix's unique single-agent, single-infrastructure real-time visibility, automated remediation, and scalability to FDCC compliance projects.

"FDCC compliance has become an IT top priority for federal agencies for good reason," said James Hansen, BigFix director of security and compliance. "The FDCC standards implicitly recognize that maintaining standardized PC configurations is an important step any organization can take to secure computers against attack as well as lowering their cost of service, maintenance, and ownership. With this new SCAP certification in hand, federal IT managers have a clear path for acquiring the most advanced FDCC compliance solution on the market -- BigFix Security Configuration Management supplemented by ready-to-deploy FDCC compliance policies and now the ability to remediate non-compliant systems at an enterprise scale."

"This is great news for our federal clients," said Bruce Tucker, President of Patriot Technologies, a security solutions provider and strategic partner for BigFix. "FDCC compliancy is a top priority and the BigFix solution has many advantages. It is quickly deployed, has instantaneous visibility on eligible systems, automated remediation and it can manage as few as a hundred computers and up to hundreds of thousands."

End-to-End Compliance and Best Practices Solution

BigFix Security Configuration Management leverages the BigFix platform to provide government-grade scalability, real-time visibility, and continuous control across distributed desktop, laptop, and server computers. As a SCAP-validated vendor, BigFix can help federal agencies thoroughly and accurately report on system configurations and security posture as mandated by OMB Memorandum M-07-11 establishing the FDCC compliance program. The FDCC mandate requires all federal agencies to improve information security and reduce overall IT operating costs by implementing and maintaining standardized configurations for all Windows XP and Windows Vista systems installed in departments and agencies of the federal government. In addition, many state and local government agencies as well as private sector organizations have adopted the FDCC standards as best practices.

The BigFix Security Configuration Management solution enables federal agencies to easily, continuously, and cost-effectively meet requirements by providing assessment and enforcement of this standard on both desktop and mobile computers regardless of their connection to the network. BigFix also offers unrivalled scalability, with a single, low-cost solution to manage infrastructures from 100 to 100,000s of endpoints.

BigFix Security Configuration Management and associated FDCC compliance checklists are part of the Security Configuration and Vulnerability Management solution pack and are both available through the GSA schedule and designated BigFix government sector system integrator and reseller partners. To learn more about BigFix products, visit To learn more about BigFix solution partners, visit

NIST Certification Details

BigFix commissioned the DOMUS IT Security Laboratory to perform SCAP validation in conformance with NIST regulations. Based on DOMUS' findings, NIST has validated BigFix as an Authenticated Configuration Scanner, Authenticated Patch and Vulnerability Scanner, Misconfiguration Database, Misconfiguration Remediation, and Common Criteria Enumerator (CCE) component standard. This, combined with the existing Open Vulnerability and Assessment Language (OVAL) compatibility certification and BigFix support for the Common Vulnerability Scoring System (CVSS), provides federal agencies with the necessary tools to manage the risks associated with threats and vulnerabilities that can impact computing devices.

About BigFix

Founded in 1997, BigFix®, Inc. is a leading provider of high-performance enterprise systems and security management solutions that revolutionizes the way IT organizations manage and secure their computing infrastructures. Based on a revolutionary architecture that distributes management intelligence directly to the computing devices themselves, BigFix is radically faster, scalable, more accurate and adaptive than legacy management software. Today, BigFix provides real-time visibility and control for over 8 million computing devices for 900 customers worldwide. The BigFix customer list counts many of the world's largest and most prestigious organizations in every industry including financial services, retail, education, manufacturing, and public sector agencies. More information can be found at

© 2008 BigFix, Inc. All rights reserved. All company and product names mentioned herein may be trademarks of their respective companies.

Contact Information

  • Press contact:
    Rosemary Wilson
    Citigate Cunningham for BigFix, Inc.