Friday, March 13, 2015

Security Content Automation Protocol (SCAP) Compliance Checker

The SCAP Compliance Checker (SCC) is a Security Content Automation Protocol (SCAP) validated application developed by Space and Naval Warfare (SPAWAR) Systems Center Atlantic.   Version 4 has been officially released.

Obtaining the Software (DOD)
For Department of Defense (DOD) users with a valid Common Access Card (CAC), the software can be downloaded directly from DISA: http://iase.disa.mil/stigs/scap/index.html then scroll down to "SCAP Tools"

Obtaining the Software (Non-DOD)
For US Government Employees and contractors, the software can be obtained via the Office of Management and Budget (OMB) hosted MAX.omb.gov website. Users will be required to self-activate an account in order to obtain the files.

After registration, the software can be downloaded from:
https://max.omb.gov/community/x/KYRhKg

Alternate Method
SCC is available for any government employee or contractor to the US government; it is not available to the general public.

If you are unable to download SCC by one of the 2 primary methods above, the software can be requested by emailing: ssc_lant-scc@navy.mil . Please include the following in your request:
  1. US Federal agency you are supporting
  2. Government POC with .gov or .mil email address or Contract Number
Standards Supported - Platforms Supported:

SCAP Version: 1.0 - Windows XP & Server 2003
OVAL Version: 5.10.1 - Windows Vista & Server 2008
XCCDF Version: 1.1.4  - Windows 7 & Server 2008 R2
CPE Version: 2.2  - Windows 8 & Server 2012
CCE Version: 5.0 - Solaris 10
OCIL Version: 2.0 - Red Hat Enterprise Linux 4 & 5
DOD ARF Version: 0.41  - Debian Linux 5 & 6
Cyberscope Version: 1.0.0 Early Access Release - Mac OS X 10.6, 10.7