(Source: Business Wire)Rapid7, the leading provider of unified vulnerability management, compliance and penetration testing solutions, today announced that Rapid7 NeXpose has been validated as a Security Content Automation Protocol (SCAP) scanner. With its ability to locate thousands of threats across the broadest level of assets, Rapid7 NeXpose is now recognized by the National Institute of Standards and Technology (NIST) as a validated partner for the vulnerability scanning and evaluation of U.S. government networks.

SCAP is a method for using specific standards to enable automated vulnerability management, measurement and policy compliance evaluation (e.g. FISMA compliance) to assist with the challenge of managing the configurations and security settings of information systems. To increase adoption, the U.S. federal government (Office of Management and Budget) requires agencies to use SCAP-validated products for monitoring configurations and settings. The SCAP Validation Program, devised by the NIST, is designed to test the ability of products to use the features and functionality available through SCAP and its component standards.

To become SCAP validated, Rapid7 NeXpose was rigorously tested by an independent SCAP-accredited laboratory on its ability to determine the presence of known vulnerabilities by evaluating the target system over the network.

As a result of Rapid7 NeXpose's SCAP validation, government agencies and contractors now have a trusted vulnerability management solution known for its ability to scan the most complex network infrastructures, enterprise applications, operating systems, databases and Web applications. To reduce the time and cost associated with managing vulnerabilities, minimizing risk and achieving compliance, Rapid7 NeXpose provides the industry's first prioritized remediation reports based on threat level and with flexible risk scoring. Rapid7's products and services provide critical insight that help organizations comply with mandatory regulations, including the security requirements for PCI, HIPAA, FISMA, SOX and NERC.

"Government agencies face continuous sophisticated security attacks and it's clear that standards for security controls and content are vital to the safety and health of the nation's most complex IT infrastructures," said Mike Tuchen, president and CEO at Rapid7. "To that end, we're committed to providing the federal market with a strong vulnerability management solution that enables agencies to meet federal policies, while at the same time provides the best level of protection and reduces the complexity of compliance regulations. Achieving SCAP validation is another step in our partnership with the federal government."

Rapid7 was recently named an AlwaysOn OnDC Top 100 Winner in the Government & Security Services Category by the AlwaysOn editorial team and global industry experts as a result of its continued innovation, market potential and stakeholder value. Inclusion in the OnDC 100 signifies major developments in the creation of new business opportunities that contribute to the renewed and continued prosperity of our country.

About Rapid7

Rapid7 is the leading provider of unified vulnerability management, compliance, and penetration testing solutions, delivering actionable intelligence about an organization's entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, Southern Company, the United States Postal Service, the New York Times, Carnegie Mellon University and the National Nuclear Security Administration (NNSA) to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC . Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world's largest database of public, tested exploits. For more information, visit www.rapid7.com.

A service of YellowBrix, Inc.