The US National Institute of Standards and Technology has posted its first list of tools that conform to a new federal government rule for securing Microsoft Vista and XP desktops.
Three vendors -- Gideon Technologies, Secure Elements and ThreatGuard -- have products that have achieved the Security Content Automation Protocol (SCAP) compliance certification through successful evaluation at NIST-accredited labs (see product list here).
The U.S. Office of Management & Budget (OMB) last July directed NIST to establish the tools-testing program as part of its commitment requiring agencies to begin use the Federal Desktop Core Configuration standard by the end of February if they deploy Microsoft Windows Vista and XP. FDCC establishes guidelines for hundreds of configuration settings for security protection.
In its SCAP product validation list online, NIST notes that OMB states "information technology providers must use SCAP-validated tools as they become available, to certify their products do not alter these configurations, and agencies must use these tools when monitoring use of these configurations."
The SCAP validation list will be expanded as products from additional vendors successfully attain certification through the labs.