Shavlik's Validated Security and Compliance Solutions Deliver Standardization

Benefits for Government and Commercial IT Organizations

(24.07.08) - Shavlik Technologies, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative for standards based security automation. The SCAP protocols enable security software technologies to exchange system configuration controls and vulnerability information in a standard format. This ensures that security-related content can be accurately and consistently processed within any SCAP-validated tool. SCAP validation gives government customers the freedom to select a best-of-breed solution that meets their needs and satisfies federal security initiatives and regulations. The Shavlik Security Suite delivers an SCAP Edition that is one of few SCAP-validated tools that simplifies and automates both assessment and remediation.

"The SCAP protocols help an organization in any industry to better define their security configuration boundaries," said Dorian Cougias, founder and lead analyst for Unified Compliance Framework. "Shavlik’s advanced discovery capabilities mean that you have immediate access to what operating system a machine is running, which is critical to setting configuration boundaries." The first real world application of the SCAP protocols is the Federal Desktop Core Configuration, or FDCC, that requires federal agencies to meet core configuration standards for desktop computers running Windows XP or Vista. By delivering a fully-automated solution, the Shavlik Security Suite increases the level of security while also reducing costs for maintaining systems and software applications.

"The Shavlik implementation offers one of the cleanest XML specifications for SCAP of all the products I’ve seen," added Cougias.

"Shavlik is committed to providing the most advanced and comprehensive security management solutions for Federal Government IT users who are facing a myriad of requirements and need a streamlined path to compliance," said Todd Rogers, director of federal sales, Shavlik Technologies. The Shavlik Security Suite provides a simplified and sustainable solution for agencies to generate and distribute approved system baseline configurations and security policies, and then prove compliance with those policies.

However, Shavlik leaders predict that government users are not the only organizations who will benefit from such solutions.

"While SCAP began as a U.S. government multi-agency initiative to help government agencies meet regulatory requirements such as FISMA and FDCC, the gains in operational efficiency and cost savings made by our simplification of complex network security using SCAP also provides substantial benefits for the commercial sector," said Mark Shavlik, president and CEO, Shavlik Technologies. "As other security vendors adopt SCAP, by mid-2009 we will see a larger number of products targeting the commercial sector which will deliver even more standards-based and interoperable, automated computer security protection to both government and commercial entities. One key driver of this is the automated remediation by our products based on the SCAP standards and template-based files from a large number of third party vendors, creating a community working together to provide solutions driven by the NIST SCAP/FDCC standards. This is a big win for all of us and a change the industry has needed for a long time. We are very excited to be an early and dedicated contributor to the process." (Shavlik Technologies: ma)