NIWC Atlantic Security Content Automation Protocol Compliance Checker Software for Public Use

16 March 2021

From Sara Corbett, NIWC Atlantic Public Affairs

NORTH CHARLESTON, S.C. - Naval Information Warfare Center Atlantic recently released Security Content Automation Protocol Compliance Checker software for public use.

Naval Information Warfare Center (NIWC) Atlantic recently released the Security Content Automation Protocol (SCAP) Compliance Checker (SCC) software, an application designed to automate security compliance checking using open source SCAP specifications, free for public use.

“Since 2008, our team has designed, developed and maintained the application updating SCAP feature support and adding feature requests based on end user feedback,” said Jack Vander Pol, SCC team lead.

The software was originally developed in 2008 by NIWC Atlantic for another government agency, which used it to validate that its computers were compliant with the National Institute of Standards and Technology’s (NIST) U.S. Government Configuration Baseline (USGCB). The USGCB provides security configuration for information technology products across the federal government.

In 2010, the National Security Agency (NSA) offered to fund the research and development to make the SCC more feature rich and production ready. Once the final steps were completed, the Defense Information Systems Agency’s (DISA) Cyber Standards Branch took over the funding of SCC and has been funding SCC’s development and technical support since 2013.

SCAP is a method used to guard against cybersecurity threats by using a set of Extensible Markup Language (XML) standards, primarily Extensible Configuration Checklist Description Format (XCCDF) and Open Vulnerability and Assessment Language (OVAL), which include policy settings and technical instructions to perform automated checking. XML is a method of defining data, similar to HTML, so that different programs can read the same file.

Due to the critical function the software performs, it is highly requested for use by other government agencies and contractors. To date, the SCC has nearly 3,000 registered end users from more than 200 different government agencies, and is used to review millions of computers to ensure they meet DISA’s Security Technical Implementation Guide (STIG) requirements.

In the past, each request was reviewed and tracked, then the software was packaged and uploaded to a secure Department of Defense file exchange where the requestor could download it for use.

“It’s a time consuming process to release the software for every single request,” said Vander Pol. “So, in an effort to decrease the time and labor cost involved, DISA has requested we make the SCC application publicly available. Additionally, by providing the SCC for free to the public, we are providing a more secure cyber environment for everyone.”

DISA creates and publishes SCAP content to automate the verification of its STIGs, and DISA’s SCAP content is the primary content used with SCC, but SCC can be customized so that any user can install their own SCAP content into it.

Brian Snodgrass from DISA’s Cyber Standards Branch said, “The SCAP Compliance Checker has proved to be a valuable tool for DoD to improve and maintain its cybersecurity posture on multiple platforms across the DoD Information Network [DoDIN].”

 

To learn more about SCC, visit https://www.niwcatlantic.navy.mil/scap/.

As a part of Naval Information Warfare Systems Command, NIWC Atlantic provides systems engineering and acquisition to deliver information warfare capabilities to the naval, joint and national warfighter through the acquisition, development, integration, production, test, deployment, and sustainment of interoperable command, control, communications, computer, intelligence, surveillance, and reconnaissance, cyber and information technology capabilities.

 
