U.S Security Content Automation Protocol Validated Products List

List of products that have been validated by NIST as conforming to the Security Content Automation Protocol (SCAP) and its component standards.

The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality.


Security Content Automation Protocol (SCAP) Validated Products
Product Vendor
Product Name
SCAP Validations
Security Analysis Solution
Security Configuration and Vulnerability Management Pack
BMC Automation Server
BMC BladeLogic Client Automation
CA IT Client Manager
CIS - Configuration Audit Tool
Core IMPACT Professional
Frontline Vulnerability Manager
Dell KACE K1000 System Management Appliance
Greenbone Networks GmbH Greenbone Security Manager
SCAP Scanner
LANDesk Patch Manager 9.0 Extensions for Federal Desktops
LANDesk Security Suite 9.0 Extensions for Federal Desktops
Patchlink Security Configuration Management for Patchlink Update
PatchLink Security Configuration Management for PatchLink Scan
Policy Auditor
Vulnerability Manager
System Center Configuration Manager Extensions for SCAP
Configuration Compliance Manager
NetIQ Secure Configuration Manager
Prism Microsystems Inc. EventTracker Enterprise
QualysGuard FDCC Scanner
Vulnerability Scanner
Shavlik Security Suite: NetChk Configure
Shavlik Security Suite: NetChk Protect
Enterprise Trust Server
SCAP Compliance Checker
policy management Control Compliance Suite
Symantec Risk Automation Suite
Xacta IA Manager (Xacta HostInfo)
Xacta IA Manager Continuous Assessment
Security Center
Secutor Magnus with ThreatView
Secutor Prime
Tripwire Enterprise
Resolution Manager
VMware vCenter Protect Essentials Government Edition (with SCAP Processor)