This is a potential security issue, you are being redirected to https://csrc.nist.gov.
You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.
This webpage contains a list of products and modules that have been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards. SCAP validated products and modules have completed formal testing at an NVLAP accredited laboratory and meet all requirements as defined in NIST IR 7511. A module is defined as a software component that may be embedded in another product. If an SCAP module is a component of another product, contact the module vendor to identify products that integrate the SCAP validated module. ...
Follow the links from the table below to see a full description of the products validation information, tested platforms, and status. Please visit the SCAP validation program and the SCAP Validation FAQ webpages for a description of the validation process and information about SCAP capabilities, validated products and modules. For more information related to SCAP, please visit https://scap.nist.gov
Please visit the SCAP validation program webpage for a description of the validation process and information on the SCAP capabilities referenced in the table below. For more information relating to SCAP please visit https://scap.nist.gov .
The U.S. Office of Management and Budget has required, in the August 11, 2008, M-08-22 memorandum to Federal CIOs, that "Both industry and government information technology providers must use SCAP validated tools with FDCC Scanner capability to certify their products operate correctly with FDCC configurations and do not alter FDCC settings. Agencies will use SCAP tools to scan for both FDCC configurations and configuration deviations approved by department or agency accrediting authority. Agencies must also use these tools when monitoring use of these configurations as part of FISMA continuous monitoring."
Situational Awareness and Incident Response SmartBUY
| Product Vendor | Product Name | Validation Date |
|---|---|---|
| HCL Logo |
HCL BigFix |
08/27/2025 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 10 SP0 64-bit
Red Hat Enterprise Linux 7 64-bit |
|
| SCC Logo |
SCAP Compliance Checker |
11/04/2022 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 10 SP0 32-bit
Microsoft Windows 10 SP0 64-bit Microsoft Windows Server 2012 R2 SP0 64-bit Red Hat Enterprise Linux 7 64-bit Apple Mac OS 10.11 (OS X El Capitan) |
|
| BMC Logo |
BMC Client Management |
06/01/2022 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, SP1, 64-bit
Microsoft Windows 8.1 SP0 64-bit Microsoft Windows 10 SP0 64-bit Microsoft Windows Server 2012 R2 SP0 64-bit Red Hat Enterprise Linux 6 64-bit Red Hat Enterprise Linux 7 64-bit |
|
| McAfee Logo |
McAfee Policy Auditor |
04/20/2021 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, SP1, 32-bit
Microsoft Windows 7, SP1, 64-bit |
|
| JOVAL Logo |
Arctic Wolf Risk Scan Engine |
12/24/2020 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, SP1, 32-bit
Microsoft Windows 7, SP1, 64-bit Microsoft Windows Vista, SP2 Microsoft Windows 8.1 SP0 32-bit Microsoft Windows 8.1 SP0 64-bit Microsoft Windows 10 SP0 32-bit Microsoft Windows 10 SP0 64-bit Microsoft Windows Server 2012 R2 SP0 64-bit Red Hat Enterprise Linux 6 32-bit Red Hat Enterprise Linux 6 64-bit Red Hat Enterprise Linux 7 64-bit Apple Mac OS 10.11 (OS X El Capitan) |
The General Services Administration is requiring SCAP validation within blanket purchase agreements for vulnerability and configuration management products (Solicitation Number: Reference-Number-QTA0-08-HC-B-0003 ).
| Product Vendor | Product Name | Validation Date |
|---|---|---|
| Rapid 7 Logo |
Nexpose 6 |
03/29/2017 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows Vista, SP2, 32-bit |
|
| Red Hat®, Inc. |
OpenSCAP 1 |
02/22/2017 |
|
SCAP Capabilities: Product / Module Validation: |
Red Hat Enterprise Linux 6.8, 32-bit
Red Hat Enterprise Linux 6.8, 64-bit Red Hat Enterprise Linux 7.2, 64-bit |
|
| ThreatGuard Logo |
Secutor Compliance Automation Toolkit (S-CAT) 5 |
12/13/2016 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows XP Professional, SP3, 32-bit
Microsoft Windows Vista, SP2, 32-bit Microsoft Windows 7, SP1, 32-bit Microsoft Windows 7, SP1, 64-bit Microsoft Windows 8.1, 32-bit Microsoft Windows 8.1, 64-bit Microsoft Windows Server 2012, 64-bit Red Hat Enterprise Linux 5.9, 32-bit Red Hat Enterprise Linux 5.9, 64-bit Red Hat Enterprise Linux 6.7, 32-bit Red Hat Enterprise Linux 6.7, 64-bit Red Hat Enterprise Linux 7.2, 64-bit |
|
| SPAWAR Logo |
SCAP Compliance Checker 4 |
08/26/2016 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows Server 2012, 64-bit Red Hat Enterprise Linux 6.8, 32-bit (x86) Red Hat Enterprise Linux 7.2, 64-bit (x64) |
|
| IBM Logo |
IBM BigFix Compliance 9.2 |
06/09/2016 |
|
SCAP Capabilities: Product / Module Validation: |
Red Hat Enterprise Linux 5.11, 64-bit
Red Hat Enterprise Linux 5.11, 32-bit |
|
| Rapid 7 Logo |
Nexpose 6 |
05/09/2016 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows XP Professional SP3, 32-bit
Microsoft Windows Vista SP1, 32-bit |
|
| Microsoft Logo |
SCAP Extensions for Microsoft System Center Configuration Manager 3.0 |
09/28/2015 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit |
|
| Tenable Logo |
Security Center 5 |
08/25/2015 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit Microsoft Windows Vista, SP2, 32-bit Microsoft Windows XP Pro, SP3, 32-bit Red Hat Enterprise Linux 5.10, 64-bit Red Hat Enterprise Linux 5.10, 32-bit |
|
| ThreatGuard Logo |
Secutor Prime 5 |
04/21/2015 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows XP Professional SP3, 32-bit |
|
| Qualys Logo |
Qualys SCAP Auditor 1.2 |
02/26/2015 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit Red Hat Enterprise Linux 5.10, 64-bit Red Hat Enterprise Linux 5.10, 32-bit |
|
| SAINT Logo |
SAINT Security Suite 8 |
01/27/2015 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit Microsoft Windows Vista, SP2, 32-bit Microsoft Windows XP Pro, SP3, 32-bit Red Hat Enterprise Linux 5.9, 64-bit Red Hat Enterprise Linux 5.9, 32-bit |
|
| BMC Logo |
BMC Server Automation 8.6 |
12/30/2014 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Red Hat Enterprise Linux 5.9, 64-bit |
|
| IBM Logo |
IBM Endpoint Manager 9 |
10/24/2014 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit |
|
| BMC Logo |
BMC Client Management 12.0.0 |
09/26/2014 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit Microsoft Windows Vista, SP2, 32-bit Microsoft Windows XP Pro, SP3, 32-bit Red Hat Enterprise Linux 5.9, 64-bit Red Hat Enterprise Linux 5.9, 32-bit |
|
| Intel Security McAfee Logo |
Policy Auditor 6.2 |
09/17/2014 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit Microsoft Windows Vista, SP2, 32-bit Microsoft Windows XP Pro, SP3, 32-bit Red Hat Enterprise Linux 5.9, 64-bit Red Hat Enterprise Linux 5.9, 32-bit |
|
| Red Hat®, Inc. |
OpenSCAP 1.0 |
04/17/2014 |
|
SCAP Capabilities: Product / Module Validation: |
Red Hat Enterprise Linux 5.9, 64-bit
Red Hat Enterprise Linux 5.9, 32-bit |
|
| CIS Logo |
CIS-CAT Pro Assessor (formerly Configuration Assessment Tool (CIS-CAT)) 3 |
03/24/2014 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit Microsoft Windows Vista, SP2, 32-bit Microsoft Windows XP Pro, SP3, 32-bit Red Hat Enterprise Linux 5, 64-bit Red Hat Enterprise Linux 5, 32-bit |
|
| Tripwire Logo |
Tripwire Enterprise 8 |
11/07/2013 |
|
SCAP Capabilities: Product / Module Validation: |
Microsoft Windows 7, 64-bit
Microsoft Windows 7, 32-bit Red Hat Enterprise Linux 5, 64-bit Red Hat Enterprise Linux 5, 32-bit |
NOTE: All SCAP 1.0 Validated Products Expired December 31, 2013.
SCAP Validation Inquiries
[email protected]
Security and Privacy: continuous monitoring, patch management, security automation, testing & validation, vulnerability management
SCAP 1.3 Validation SCAP 1.2 Validation SCAP Validated Products and Modules 148 HCL SCAP 1.3 Product Validation Record 147 SCC SCAP 1.3 Product Validation Record 146 BMC SCAP 1.3 Product Validation Record 145 McAfee SCAP 1.3 Product Validation Record 144 JOVAL6 SCAP 1.3 Product Validation Record SCAP Validation Resources SCAP Accredited Laboratories
SCAP Validation Inquiries
[email protected]
Security and Privacy: continuous monitoring, patch management, security automation, testing & validation, vulnerability management