"Microsoft recognizes the importance of supporting industry standards. For our public sector and government customers, it is important to add support for SCAP-compliant reporting formats. System Center Configuration Manager 2007 provides a strong collection of core functionalities for hardware and software inventory, as well as robust reporting services and the ability to define, deploy, and measure configuration baselines in a managed environment. By adding the SCAP reporting format support to System Center Configuration Manager, organizations can meet FDCC mandates for compliance reporting," said Jeff Wettlaufer, technical product manager, System Center marketing at Microsoft Corp.

The Microsoft team worked diligently to meet the complex requirements of the FDCC (Federal Desktop Core Configuration) scanning tool. The System Center Configuration Manager Extensions for SCAP is an add-on to System Center Configuration Manager.

Steve Weingart, who leads the testing effort for atsec, comments: "Working with the Microsoft development team was a great experience. At each step the Microsoft team spared no effort to ensure that the tool met the long and complex list of NIST SCAP requirements. The best part about the tool is that it is integrated into the Windows Server environment making it extremely easy to map mixed Windows XP and Windows Vista systems in a domain to the appropriate SCAP configuration for each. In addition, report management from either the client or the server is easy."

The Information Security Automation Program/Security Content Automation Protocol (SCAP) is a U.S. government initiative to enable automation and standardization of technical security operations. atsec information security is an accredited validation laboratory under NVLAP (National Voluntary Laboratory Accreditation Program).

For more information on the product, please refer to http://www.microsoft.com/systemcenter/configurationmanager/en/us/default.aspx.

About atsec information security

atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China.

atsec offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services as well as being a QSA and ASV.

atsec also offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada.

Atsec works with such leading global companies as IBM, Apple, Microsoft, Hewlett-Packard, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.

A service of YellowBrix, Inc.