By Capability List
All organizations participating in the OVAL Adoption Program are listed below, including those that have completed the process and those with declarations to adopt OVAL.
Authoring Tool | Definition Evaluator | Definition Repository | Results Consumer | System Characteristics Producer
OVAL Authoring Tool
| Product (11) | Organization (10) | Type | Country (5) |
Status
|
|---|---|---|---|---|
| SSA - Security System Analyzer | ToolsWatch | Security Scanner and Compliance Assessment Software | France |
 |
| TPOL - OVAL Security Compliance | Inverse Path S.r.l. | Vulnerability, Patch, and Compliance Assessment | Italy |
 |
| McAfee Policy Auditor | McAfee, Inc. | Automated Vulnerability Remediation | United States |
 |
| ADTsys Cloud Security | ADTsys Software | Cloud Security | Brazil | Declaration |
| ATM Information Security Workflow | ATM Software sp. z o.o. | Workflow for server/software lifecycle management with OVAL repository and vulnerability assessment. | Poland | Declaration |
| Catbird vSecurity | Catbird Networks, Inc. | Security Service | United States | Declaration |
| eSCAPe - Enhanced SCAP Editor | G2, Inc. | OVAL Authoring Tool | United States | Declaration |
| IT Dashboard | Security-Database | Web-Based IT Vulnerability and Threats Dashboard | France | Declaration |
| Microsoft Security Compliance Manager | Microsoft Corporation | Security and Compliance Knowledge Management | United States | Declaration |
| SSA - Security System Analyzer | Security-Database | Security Scanner and Compliance Assessment Software | France | Declaration |
| Symantec Risk Automation Suite | Symantec Corporation | Enterprise Configuration, Vulnerability, Risk, and Compliance Management | United States | Declaration |
OVAL Definition Evaluator
| Product (50) | Organization (39) | Type | Country (13) |
Status
|
|---|---|---|---|---|
| Crystal Security Keeper (CSK) | Institute for Information Industry - CyberTrust Technology Institute | Vulnerability Assessment, Configuration Management, Auditing and Centralized Audit Validation | Taiwan |
 |
| Retina Network Security Scanner | Beyond Trust | Vulnerability Assessment Tool | United States |
 |
| SSA - Security System Analyzer | ToolsWatch | Security Scanner and Compliance Assessment Software | France |
|
| TPOL - OVAL Security Compliance | Inverse Path S.r.l. | Vulnerability, Patch, and Compliance Assessment | Italy |
|
| Center for Internet Security Configuration Assessment Tool (CIS-CAT) | Center for Internet Security | Host-Based Configuration Assessment Tool | United States |
 |
| Greenbone Security Manager | Greenbone Networks GmbH | Vulnerability Management | Germany |
 |
| jOVAL Definition Interpreter (jovaldi) | jOVAL.org | Open Source, Java-based OVAL Definition Interpreter | United States |
 |
| McAfee Network Access Control | McAfee, Inc. | Network Connection Health Check, Auditing and Centralized Audit Validation, Configuration Management, Patch Management | United States |
 |
| McAfee Policy Auditor | McAfee, Inc. | Automated Vulnerability Remediation | United States |
|
| McAfee Vulnerability Manager | McAfee, Inc. | Vulnerability Management and Risk Mitigation | United States |
 |
| MyJVN Security Configuration Checker | Information-technology Promotion Agency, Japan (IPA) | Configuration Management | Japan |
 |
| MyJVN Version Checker | Information-technology Promotion Agency, Japan (IPA) | Vulnerability Assessment | Japan |
 |
| NopSec Vulnerability Risk Management (VRM) | NopSec, Inc. | Vulnerability Risk Management | United States |
 |
| OpenVAS | OpenVAS | Vulnerability Management | Germany |
 |
| ORCA | GCP Global | Governance, Risk, and Compliance (GRC) Solution | Mexico |
 |
| RedCheck | Altex-Soft | Vulnerability, Patch, and Compliance Assessment | Russia |
 |
| SAINT Vulnerability Scanner | SAINT Corporation | Vulnerability Assessment | United States |
 |
| SCAP Compliance Checker | SPAWAR Systems Center Atlantic | OVAL Definition Evaluator | United States |
 |
| SecPod Saner | SecPod Technologies | Vulnerability Management | India |
 |
| Security-Database OVAL Repository | Security-Database | Web-Based OVAL Repository Database | France |
 |
| Secutor Compliance Automation Toolkit (S-CAT) | ThreatGuard, Inc. | Universal, Integratable SCAP Assessment Module | United States |
 |
| Secutor Magnus | ThreatGuard, Inc. | Enterprise SCAP Compliance/Vulnerability Management System | United States |
 |
| Secutor Prime | ThreatGuard, Inc. | Desktop Compliance/Vulnerability Assessment Tool | United States |
 |
| SIX OVAL | National Institute of Advanced Industrial Science and Technology (AIST) | Enterprise Compliance/Vulnerability Management | Japan |
 |
| Tripwire Enterprise | Tripwire, Inc. | Security Configuration Management | United States |
 |
| ADTsys Cloud Security | ADTsys Software | Cloud Security | Brazil | Declaration |
| Arellia Security Analysis Solution | Arellia Corporation | Security Configuration Management | United States | Declaration |
| Armadillo | U.S. Army CERDEC | Vulnerability Assessment and Remediation | United States | Declaration |
| ATM Information Security Workflow | ATM Software sp. z o.o. | Workflow for server/software lifecycle management with OVAL repository and vulnerability assessment. | Poland | Declaration |
| AVDS | Beyond Security Ltd. | Automated Vulnerabilities Scanner | Israel | Declaration |
| Catbird vSecurity | Catbird Networks, Inc. | Security Service | United States | Declaration |
| FusionVM Enterprise Vulnerability Management System | Critical Watch | Enterprise Vulnerability Management System | United States | Declaration |
| HP Client Automation | Hewlett-Packard Development Company, L.P. | Application Management | United States | Declaration |
| HP Server Automation | Hewlett-Packard Development Company, L.P. | Enterprise Server/Application Lifecycle Management | United States | Declaration |
| IT Dashboard | Security-Database | Web-Based IT Vulnerability and Threats Dashboard | France | Declaration |
| MODSIC Project | Modulo Security Solutions | OVAL Collector Service | United States | Declaration |
| Modulo Risk Manager | Modulo Security Solutions | Governance, Risk Management, and Compliance (GRC) Management | United States | Declaration |
| NetIQ Secure Configuration Manager | NetIQ Corporation | Enterprise Security Configuration Assessment | United States | Declaration |
| SCAP Extension for System Center Configuration Manager 2007 | Microsoft Corporation | Enterprise Configuration Management | United States | Declaration |
| Secure Auditor | Secure Bytes Corporation | Automated Auditing Software | United States | Declaration |
| SecureVue | eIQnetworks, Inc. | Unified Situational Awareness Platform | United States | Declaration |
| Security Scanning SDK | Pivotal Security LLC | OVAL Definition Evaluator | United States | Declaration |
| SSA - Security System Analyzer | Security-Database | Security Scanner and Compliance Assessment Software | France | Declaration |
| SUSE Manager 1.7 | SUSE | Linux Patch and Configuration Management | United States | Declaration |
| Symantec Control Compliance Suite | Symantec Corporation | Automated Risk and Policy Compliance Management | United States | Declaration |
| Symantec Risk Automation Suite | Symantec Corporation | Enterprise Configuration, Vulnerability, Risk, and Compliance Management | United States | Declaration |
| Triumfant Resolution Manager | Triumfant, Inc. | Vulnerability, Patch, and Compliance Assessment | United States | Declaration |
| Xacta IA Manager Continuous Assessment | Telos Corporation | Certification and Accreditation Solution | United States | Declaration |
| Xacta IA Manager HostInfo | Telos Corporation | Certification and Accreditation Solution | United States | Declaration |
OVAL Definition Repository
| Product (25) | Organization (23) | Type | Country (9) |
Status
|
|---|---|---|---|---|
| Crystal Security Keeper (CSK) | Institute for Information Industry - CyberTrust Technology Institute | Vulnerability Assessment, Configuration Management, Auditing and Centralized Audit Validation | Taiwan |
|
| SSA - Security System Analyzer | ToolsWatch | Security Scanner and Compliance Assessment Software | France |
|
| Altex-Soft Ovaldb | Altex-Soft | Web-Based OVAL Repository Database | Russia |
 |
| MyJVN API | Information-technology Promotion Agency, Japan (IPA) | Vulnerability Assessment and Configuration Management | Japan |
 |
| Positive Technologies OVAL Repository | Positive Technologies CJSC | OVAL Definition Repository | Russia |
 |
| Red Hat Security Advisories | Red Hat, Inc. | Advisory Capability | United States |
 |
| SecPod SCAP Feed | SecPod Technologies | OVAL Repository | India |
 |
| Security-Database OVAL Repository | Security-Database | Web-Based OVAL Repository Database | France |
|
| ADTsys Cloud Security | ADTsys Software | Cloud Security | Brazil | Declaration |
| Armadillo | U.S. Army CERDEC | Vulnerability Assessment and Remediation | United States | Declaration |
| ATM Information Security Workflow | ATM Software sp. z o.o. | Workflow for server/software lifecycle management with OVAL repository and vulnerability assessment. | Poland | Declaration |
| Catbird vSecurity | Catbird Networks, Inc. | Security Service | United States | Declaration |
| Cisco Product Security Incident Response Team (PSIRT) Security Advisories and Vulnerability Disclosures | Cisco Systems, Inc. | Cisco Repository of OVAL Content | United States | Declaration |
| DoD SCAP Content Repository | Defense Information Systems Agency Field Security Operations (DISA FSO) | SCAP Content Repository | United States | Declaration |
| HP Live Network | Hewlett-Packard Development Company, L.P. | Content Repository | United States | Declaration |
| IT Dashboard | Security-Database | Web-Based IT Vulnerability and Threats Dashboard | France | Declaration |
| Microsoft Security Compliance Manager | Microsoft Corporation | Security and Compliance Knowledge Management | United States | Declaration |
| Modulo Risk Manager | Modulo Security Solutions | Governance, Risk Management, and Compliance (GRC) Management | United States | Declaration |
| SCAP Sync | Lunarline, Inc. | SCAP Content Repository and API | United States | Declaration |
| Secure Auditor | Secure Bytes Corporation | Automated Auditing Software | United States | Declaration |
| SecureVue | eIQnetworks, Inc. | Unified Situational Awareness Platform | United States | Declaration |
| SSA - Security System Analyzer | Security-Database | Security Scanner and Compliance Assessment Software | France | Declaration |
| SUSE Linux Enterprise OVAL Information | SUSE | Database | United States | Declaration |
| Symantec Risk Automation Suite | Symantec Corporation | Enterprise Configuration, Vulnerability, Risk, and Compliance Management | United States | Declaration |
OVAL Results Consumer
| Product (32) | Organization (26) | Type | Country (9) |
Status
|
|---|---|---|---|---|
| Crystal Security Keeper (CSK) | Institute for Information Industry - CyberTrust Technology Institute | Vulnerability Assessment, Configuration Management, Auditing and Centralized Audit Validation | Taiwan |
|
| SSA - Security System Analyzer | ToolsWatch | Security Scanner and Compliance Assessment Software | France |
|
| Greenbone Security Manager | Greenbone Networks GmbH | Vulnerability Management | Germany |
|
| NopSec Vulnerability Risk Management (VRM) | NopSec, Inc. | Vulnerability Risk Management | United States |
|
| OpenVAS | OpenVAS | Vulnerability Management | Germany |
|
| ORCA | GCP Global | Governance, Risk, and Compliance (GRC) Solution | Mexico |
|
| Security-Database OVAL Repository | Security-Database | Web-Based OVAL Repository Database | France |
|
| Secutor Compliance Automation Toolkit (S-CAT) | ThreatGuard, Inc. | Universal, Integratable SCAP Assessment Module | United States |
|
| Secutor Magnus | ThreatGuard, Inc. | Enterprise SCAP Compliance/Vulnerability Management System | United States |
|
| Secutor Prime | ThreatGuard, Inc. | Desktop Compliance/Vulnerability Assessment Tool | United States |
|
| Tripwire Enterprise | Tripwire, Inc. | Security Configuration Management | United States |
|
| ADTsys Cloud Security | ADTsys Software | Cloud Security | Brazil | Declaration |
| Agiliance RiskVision | Agiliance | Big Data Risk Management Software | United States | Declaration |
| Arellia Security Analysis Solution | Arellia Corporation | Security Configuration Management | United States | Declaration |
| ATM Information Security Workflow | ATM Software sp. z o.o. | Workflow for server/software lifecycle management with OVAL repository and vulnerability assessment. | Poland | Declaration |
| AVDS | Beyond Security Ltd. | Automated Vulnerabilities Scanner | Israel | Declaration |
| Catbird vSecurity | Catbird Networks, Inc. | Security Service | United States | Declaration |
| FusionVM Enterprise Vulnerability Management System | Critical Watch | Enterprise Vulnerability Management System | United States | Declaration |
| IT Dashboard | Security-Database | Web-Based IT Vulnerability and Threats Dashboard | France | Declaration |
| Modulo Risk Manager | Modulo Security Solutions | Governance, Risk Management, and Compliance (GRC) Management | United States | Declaration |
| NetIQ Secure Configuration Manager | NetIQ Corporation | Enterprise Security Configuration Assessment | United States | Declaration |
| Secure Auditor | Secure Bytes Corporation | Automated Auditing Software | United States | Declaration |
| SecureVue | eIQnetworks, Inc. | Unified Situational Awareness Platform | United States | Declaration |
| Security Scanning SDK | Pivotal Security LLC | OVAL Definition Evaluator | United States | Declaration |
| SSA - Security System Analyzer | Security-Database | Security Scanner and Compliance Assessment Software | France | Declaration |
| SUSE Manager 1.7 | SUSE | Linux Patch and Configuration Management | United States | Declaration |
| Symantec Control Compliance Suite | Symantec Corporation | Automated Risk and Policy Compliance Management | United States | Declaration |
| Symantec Risk Automation Suite | Symantec Corporation | Enterprise Configuration, Vulnerability, Risk, and Compliance Management | United States | Declaration |
| Triumfant Resolution Manager | Triumfant, Inc. | Vulnerability, Patch, and Compliance Assessment | United States | Declaration |
| Xacta IA Manager Assessment Engine | Telos Corporation | Certification and Accreditation Solution | United States | Declaration |
| Xacta IA Manager Continuous Assessment | Telos Corporation | Certification and Accreditation Solution | United States | Declaration |
OVAL System Characteristics Producer
| Product (39) | Organization (31) | Type | Country (8) |
Status
|
|---|---|---|---|---|
| Retina Network Security Scanner | Beyond Trust | Vulnerability Assessment Tool | United States |
|
| SSA - Security System Analyzer | ToolsWatch | Security Scanner and Compliance Assessment Software | France |
|
| Center for Internet Security Configuration Assessment Tool (CIS-CAT) | Center for Internet Security | Host-Based Configuration Assessment Tool | United States |
|
| Greenbone Security Manager | Greenbone Networks GmbH | Vulnerability Management | Germany |
|
| jOVAL Definition Interpreter (jovaldi) | jOVAL.org | Open Source, Java-based OVAL Definition Interpreter | United States |
|
| McAfee Policy Auditor | McAfee, Inc. | Automated Vulnerability Remediation | United States |
|
| NopSec Vulnerability Risk Management (VRM) | NopSec, Inc. | Vulnerability Risk Management | United States |
|
| OpenVAS | OpenVAS | Vulnerability Management | Germany |
|
| SAINT Vulnerability Scanner | SAINT Corporation | Vulnerability Assessment | United States |
|
| SCAP Compliance Checker | SPAWAR Systems Center Atlantic | OVAL Definition Evaluator | United States |
|
| SecPod Saner | SecPod Technologies | Vulnerability Management | India |
|
| Security-Database OVAL Repository | Security-Database | Web-Based OVAL Repository Database | France |
|
| Secutor Compliance Automation Toolkit (S-CAT) | ThreatGuard, Inc. | Universal, Integratable SCAP Assessment Module | United States |
|
| Secutor Magnus | ThreatGuard, Inc. | Enterprise SCAP Compliance/Vulnerability Management System | United States |
|
| Secutor Prime | ThreatGuard, Inc. | Desktop Compliance/Vulnerability Assessment Tool | United States |
|
| Tripwire Enterprise | Tripwire, Inc. | Security Configuration Management | United States |
|
| ADTsys Cloud Security | ADTsys Software | Cloud Security | Brazil | Declaration |
| Arellia Security Analysis Solution | Arellia Corporation | Security Configuration Management | United States | Declaration |
| Armadillo | U.S. Army CERDEC | Vulnerability Assessment and Remediation | United States | Declaration |
| ATM Information Security Workflow | ATM Software sp. z o.o. | Workflow for server/software lifecycle management with OVAL repository and vulnerability assessment. | Poland | Declaration |
| AVDS | Beyond Security Ltd. | Automated Vulnerabilities Scanner | Israel | Declaration |
| Catbird vSecurity | Catbird Networks, Inc. | Security Service | United States | Declaration |
| FusionVM Enterprise Vulnerability Management System | Critical Watch | Enterprise Vulnerability Management System | United States | Declaration |
| HP Live Network | Hewlett-Packard Development Company, L.P. | Content Repository | United States | Declaration |
| HP Server Automation | Hewlett-Packard Development Company, L.P. | Enterprise Server/Application Lifecycle Management | United States | Declaration |
| IT Dashboard | Security-Database | Web-Based IT Vulnerability and Threats Dashboard | France | Declaration |
| MODSIC Project | Modulo Security Solutions | OVAL Collector Service | United States | Declaration |
| Modulo Risk Manager | Modulo Security Solutions | Governance, Risk Management, and Compliance (GRC) Management | United States | Declaration |
| NetIQ Secure Configuration Manager | NetIQ Corporation | Enterprise Security Configuration Assessment | United States | Declaration |
| SecureVue | eIQnetworks, Inc. | Unified Situational Awareness Platform | United States | Declaration |
| Security Scanning SDK | Pivotal Security LLC | OVAL Definition Evaluator | United States | Declaration |
| SSA - Security System Analyzer | Security-Database | Security Scanner and Compliance Assessment Software | France | Declaration |
| SUSE Manager 1.7 | SUSE | Linux Patch and Configuration Management | United States | Declaration |
| Symantec Control Compliance Suite | Symantec Corporation | Automated Risk and Policy Compliance Management | United States | Declaration |
| Symantec Risk Automation Suite | Symantec Corporation | Enterprise Configuration, Vulnerability, Risk, and Compliance Management | United States | Declaration |
| Triumfant Resolution Manager | Triumfant, Inc. | Vulnerability, Patch, and Compliance Assessment | United States | Declaration |
| Xacta IA Manager Continuous Assessment | Telos Corporation | Certification and Accreditation Solution | United States | Declaration |
| Xacta IA Manager HostInfo | Telos Corporation | Certification and Accreditation Solution | United States | Declaration |
