IT Evaluation & Assessment
Security Content Automation Protocol (SCAP)
Consult our experts. We are happy to support you.
The Information Security Automation Program (ISAP), a U.S. government initiative to enable automation and standardization of technical security operations, combined a number of open standards used to enumerate software flaws and configuration issues to create the Security Content Automation Protocol (SCAP).
What atsec offers:
atsec US offers SCAP testing, evaluation, and validation support for products and modules through its accredited Cryptographic Security Testing (CST) laboratory (NVLAP Lab Code #200658-0):
- Laboratory conformance testing using NIST test suites
- Training for SCAP 1.3 requirements
- Assessment of test readiness
- Verification that an application does not change any SCAP 1.3 relevant settings
- Support for NIST validation of SCAP 1.3 testing
Authoritative websites:
More information:
Why our services are important to you:
The Office of Management and Budget (OMB) requires the use of SCAP validated scanners for the automation of federal desktop configuration management and compliance verification. Agencies and other organizations can automate much of their Federal Information Security Management Act (FISMA) technical security control compliance activities by regularly scanning information technology assets using SCAP checklists.
Downloads:
Further information for your certification journey.
Still have questions?
Can’t find what you’re looking for? Let’s talk!
Common Criteria Evaluation
The Common Criteria (CC), also known as ISO 15408, is an internationally recognized standard used to specify and assess the security of IT products.
Cryptographic Algorithm Testing
Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.
FIPS 140-3 Testing
FIPS 140-3 specifies requirements related to securely designing and implementing cryptographic modules, and compliance is increasingly mandatory worldwide.
The Information Security Provider
Read Our Latest Blog Articles
Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.
-
Guiding the Way through the World of Cyber Security
Roughly every five years, we refresh our website with a new appearance. As a precursor to our 25th anniversary in January 2025, we are thrilled to show the world our stylish, modern look. It is atsec’s firm belief that effective security assurance can only truly be accomplished when…
-
First SP800-140Br1 Compliant FIPS 140-3 Certificates
On July 11th, 2024, the first three FIPS 140-3 certificates for NIST’s SP800-140Br1 pilot program were posted on the NIST website. atsec information security was one of the labs that took part in the pilot program. SP 800-140Br1 specifies modifications of the methods to be used by a…
-
atsec has become an official GSMA member
atsec has become an official GSMA member. The GSMA represents the interests of mobile operators worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent…