Fortra

Are Alert Logic's Vulnerability Scans SCAP (Security Content Automation Protocol) validated?

Answered

Comments


  • Official comment
    Lindsey Stirneman

    Alert Logic is always evaluating the requirements of our customers to find security standards to support. With the shifting landscape of compliance and security standards, we review our list of supported standards on a regular basis. SCAP is one of those standards that is being evaluated for possible inclusion.

  • Malcolm Palmer

    The Alert Logic vulnerability scanning tools are not SCAP validated and not listed on the list of validated products and modules: 
    https://csrc.nist.gov/Projects/scap-validation-program/Validated-Products-and-Modules

    However, Alert Logic uses the SCAP Content Professional feed from SecPod (https://www.secpod.com/scap-feed/). This feed, with over 160,000 vulnerability checks, is compliant with well-established standards such as SCAP and STIX/TAXII. Specifically, Alert Logic vulnerability checks are based on the SCAP feed for OVAL checks during authenticated and agent-based scanning, as well as the Nmap Scripting Engine for network scanning.

    In addition, Alert Logic customers use the scanning capabilities in Fortra VM for PCI ASV scanning. Fortra completes an annual PCI certification for being a PCI Approved Scanning Vendor (ASV): https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors

     
