This 2010-03-22 NeXpose release features compliance with SCAP criteria for an Unauthenticated Scanner product.
- This is a Security Content Automation Protocol (SCAP) validated product. SCAP is a collection of standards for expressing and manipulating security data so that it can be compared and leveraged among various security tools. New console reports, views, and data exchange options in this release ensure you can take full advantage of the SCAP Unauthenticated Scanner capabilities.
- You can view SCAP update information on the SCAP page, which you can access from the Administration page in console Web-based interface. Common Vulnerabilities and Exposures (CVE) identifiers and Common Vulnerability Scoring System (CVSS) Version 2 scores have always been available in this product. The SCAP capabilities in this release ensure that Common Platform Enumeration (CPE) names are integrated with CVSS and CVE data assigned to fingerprinted platforms and applications whenever corresponding CPE names are available. As a result, vulnerabilities can be tied directly to platforms and assets identified based on CPE names. This is of particular benefit to government agencies and subcontractors required to use SCAP tools.