Organizations Participating — Archive
Important: The OVAL Compatibility Program was moved to "archive" status in December 2009, and replaced with the "OVAL Adoption Program." Under the OVAL Adoption Program product validation is performed by an external organization, allowing the OVAL Team to focus on educating vendors on best practices regarding the use and implementation OVAL and on how OVAL can continue to evolve as needed by the community.
Refer to the OVAL Adoption Program section for addition information and to review all products and services listed.
| TOTALS | |
| Organizations Participating: 28 | |
| Products & Services: 40 | |
All organizations participating in the Compatibility Program are listed below, including those with OVAL-Compatible Products and Services and those with Declarations to Be OVAL-Compatible.
Products are listed alphabetically by organization name:
| Agiliance | Date Declared: November 8, 2007 |
Web Site: www.agiliance.com
Quote/Declaration: In order to promote open standards and leveraging existing tools already deployed as authoritative sources of compliance audit detail, Agiliance executes "OVAL" scripts to implement CIS benchmarks. Agiliance IT-GRC has implemented CIS benchmark support for most OSes as well as for selected applications (e.g. Oracle database). Agiliance is using OVAL compatibility declarations to support this capability. In addition, Agiliance has upgraded to OVAL v5.3 to accommodate SCAP in its 'XCCDF and OVAL' import tool.
| Name: IT GRC Platform 3.0 | ||
| Type: Risk and Compliance Management Solution | ||
| OVAL Definition Consumer: Yes OVAL Results Consumer: Yes OVAL Systems Characteristics Consumer: Yes OVAL Definition Producer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Producer: Planned |
||
Last Updated: November 8, 2007
| Ai Metrix, a SYS Technologies company | Date Declared: October 15, 2007 |
Web Site: www.systechnologies.com
Quote/Declaration: The NeuralStar framework together with an SCAP-certified tool combine to bring the power of automated content and compliance, and automated evaluation and remediation to the SCAP. When teamed with an SCAP vendor, the NeuralStar consolidated dashboard can display SCAP scan results including OVAL, XCCDF, CCE, CVSS and other standards as they mature thus assisting FISMA compliance reporting.
| Name: NeuralStar Network | ||
| Type: Management System (NMS) for SCAP Services and Reporting | ||
| OVAL Results Consumer: Planned |
||
Last Updated: October 22, 2007
| ArcSight, Inc. | Date Declared: July 5, 2006 |
Web Site: www.arcsight.com
Quote/Declaration: As a pioneer and leading provider of security management solutions for the enterprise ArcSight actively promotes and supports open systems standards such as OVAL.
| Name: ArcSight Enterprise Security Manager | ||
| Type: Enterprise Security Management | ||
| OVAL Results Consumer: Planned |
||
Last Updated: September 15, 2006
| Assuria Limited | Date Declared: September 4, 2006 |
Web Site: www.assuria.com
Quote/Declaration: Assuria Auditor (formerly known as ISS System Scanner), a host-based vulnerability assessment and policy compliance tool, assesses host security, detecting and reporting system security weaknesses. Assuria Auditor measures, manages, and enforces security policies across a wide range of operating systems using a host-to-network view of critical systems and servers. Assuria Auditor's methodology simplifies the creation of system security baselines for users, groups, shares, services, and critical system files, and easily fits in with existing business processes. Fully scalable for enterprise installations, Assuria Auditor manages large sensor populations and comes with a Web interface for distributed security management. Assuria Auditor issues reports designed for both technical and managerial audiences that identify areas of concern, the consequences of a security breach, and the remedy for each out-of-policy, mis-configuration, or vulnerability.
Assuria Auditor is CVE-compliant and Assuria Limited is committed to provide support for OVAL as an OVAL Definition Consumer and Producer, and an OVAL Results Producer, which will allow customers to integrate Assuria Auditor output with other OVAL-compatible results-consumer products.
| Name: Assuria Auditor Version 4.2.5 | ||
| Type: Vulnerability Assessment / Policy Compliance | ||
| OVAL Definition Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned |
||
Last Updated: September 15, 2006
| BigFix, Inc. | Date Declared: June 20, 2006 |
Web Site: www.bigfix.com
Quote/Declaration: BigFix enables organizations to better manage their global IT infrastructures with solutions to discover, analyze, change, and maintain security and software configurations faster and more accurately, resulting in improved processes, greater visibility, better security and more reliable services while reducing costs.
BigFix supports the adoption of open standards such as OVAL as an important part of reducing IT security risk and improving policy and regulatory compliance. The BigFix Enterprise Suite for Vulnerability and Security Configuration Management consumes OVAL Definitions to provide real-time vulnerability detection and remediation for heterogeneous distributed networks. The suite will produce OVAL Systems Characteristics and OVAL Results to enable tools that consume OVAL to leverage the accurate and real-time configuration and security visibility provided by BigFix solutions.
| Name: BigFix Enterprise Suite for Vulnerability and Security Configuration Management, Version 6.0 | ||
| Type: Real-Time Security Configuration Management Suite |
|
|
| OVAL Definition Consumer: Yes OVAL Results Producer: Planned OVAL Systems Characteristics Producer: Planned |
||
| Review Completed Questionnaire | ||
Last Updated: October 4, 2006
| US ARMY CERDEC | Date Declared: May 3, 2007 |
Web Site: www.cerdec.army.mil
Quote/Declaration: Armadillo developed by US Army CERDEC is a vulnerability assessment and remediation tool to bring Linux servers into compliance with security regulations. Armadillo consumes OVAL definition files (such as the ones produced by Red Hat and Mitre) and applies patches where applicable. It works on LANs disconnected from the internet and is able to probe and remediate multiple hosts concurrently over SSH without the need to install any software on the target hosts.
| Name: Armadillo | ||
| Type: Vulnerability Assessment and Remediation | ||
| OVAL Definition Consumer: Planned OVAL Results Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned OVAL Definition Producer: No |
||
Last Updated: May 3, 2007
| The Center for Internet Security | Date Declared: September 11, 2007 |
Web Site: www.cisecurity.org
Quote/Declaration: CIS' CIS-CAT (CIS Security Assessment Tool) reads XCCDF and OVAL, and automatically tests systems for compliance with guidance provided in those formats. CIS-CAT currently provides full XCCDF, OVAL and CPE support.
| Name: CIS-CAT | ||
| Type: Host-based security scanner tool | ||
| OVAL Definition Consumer: Yes OVAL Definition Producer: No OVAL Results Consumer: No OVAL Results Producer: No OVAL Systems Characteristics Consumer: No OVAL Systems Characteristics Producer: No |
||
Last Updated: September 12, 2007
| Configuresoft, Inc. | Date Declared: December 1, 2006 |
Web Site: www.configuresoft.com
Quote/Declaration: OVAL compatibility will improve the efficiency and effectiveness with which our customers can leverage authoritative vulnerability and remediation content, as well as improve inter-application integration across the provisioning, configuration and compliance stacks in the enterprise.
| Name: Enterprise Configuration Manager | ||
| Type: Assessment and Remediation solution |
|
|
| OVAL Definition Consumer: Yes OVAL Results Consumer: Yes OVAL Results Producer: Yes OVAL Definition Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: No |
||
| Review Completed Questionnaire | ||
Last Updated: January 31, 2007
| eEye Digital Security, Inc. | Date Declared: September 4, 2007 |
Web Site: www.eeye.com
Quote/Declaration: eEye understands the need for an open, standardized method of
communicating security information across all platforms and applications.
eEye is committed to providing support for OVAL in an effort to provide
customers with a common method of sharing security information
(internally and externally) and strengthening the security of their
organizations.
| Name: Retina Enterprise Suite | ||
| Type: Vulnerability Management | ||
| OVAL Definition Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Definition Producer: No OVAL Results Consumer: No OVAL Systems Characteristics Producer: No |
||
| Name: Retina Network Security Scanner | ||
| Type: Network Security Risk Assessment | ||
| OVAL Definition Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Definition Producer: No OVAL Results Consumer: No OVAL Systems Characteristics Producer: No |
||
Last Updated: September 4, 2007
| GFI Software Ltd. | Date Declared: February 20, 2007 |
Web Site: www.gfi.com
Quote/Declaration: GFI LANguard Network Security Scanner is our award winning software solution which helps security administrators be in contact with the real security status of their network. GFI LANguard N.S.S. integrates the three main pillars of security management i.e. Vulnerability Scanning, Network Auditing and Patch management into one product. The results of the three areas are processed, grouped and linked to provide a unified view which reflects more closely the big picture of the threats which are present on the network.
GFI recognizes the importance of standards in a field which is encountering even bigger challenges, variation of attacks and abuses of IT systems. While searching for a standard which will allow us to adhere to as well as encourage our customers to report vulnerabilities in a particular format, we found a perfect synergy between our technology and OVAL. We believe that such integration will provide a common ground for our customers and security administrators out there to share and unify experiences against these ever increasing threats.
| Name: LANguard Network Security Scanner | ||
| Type: Network Vulnerability Assessment and Remediation |
|
|
| OVAL Definition Consumer: Yes OVAL Results Consumer: Planned OVAL Results Producer: Planned |
||
| Review Completed Questionnaire | ||
Last Updated: April 13, 2007
| Guidance Software Inc. | Date Declared: August 3, 2007 |
Web Site: www.guidancesoftware.com
Quote/Declaration: We would like to use the OVAL database to perform vulnerability checks on end nodes within on organization. We'd like to consume an OVAL database, and iterate through it checking each end node for the defined vulnerability. At then end we would produce a report listing which machines passed/failed the vulnerability checks and for those that failed, which vulnerabilities exist.
| Name: EnCase Information Assurance Suite | ||
| Type: Enterprise software | ||
| OVAL Definition Consumer: Planned OVAL Results Consumer: Planned OVAL Systems Characteristics Consumer: Planned |
||
Last Updated: August 6, 2007
| Hewlett-Packard Development Company | Date Declared: April 17, 2007 |
Web Site: www.hp.com
Quote/Declaration: The Opsware Server Automation System along with The Opsware Network enables IT organizatons to efficiently manage their server infrastructure, ensure compliance with industry standards and internal best practices, and provides an actionable vulnerability service designed to rapidly identify and remediate network vulnerabilities that apply to the IT organization based on their server infrastructure.
HP (formerly Opsware) supports the OVAL standard for vulnerability disclosure. Standarizing on the OVAL format will assist the IT organization in reducing the vulnerability window between vulnerability notification and remediation.
| Name: Opsware Server Automation System | ||
| Type: Application Management |
|
|
| OVAL Definition Consumer: Yes |
||
| Review Completed Questionnaire | ||
| Name: The Opsware Network | ||
| Type: Repository of Content |
|
|
| OVAL Definition Producer: Yes |
||
| Review Completed Questionnaire | ||
Last Updated: November 13, 2007
| Inverse Path Ltd. | Date Declared: February 21, 2008 |
Web Site: www.inversepath.com
Quote/Declaration: Our compliance tool aims at allowing an easy and effective management of security policies. We've always looked at standardization efforts as a very effective approach for improving the state of security and/or known vulnerability checking, OVAL does just that and we are committed in supporting it for seamless integration and empowering users without re-inventing the wheel.
| Name: TPOL - OVAL Security Compliance | ||
| Type: Vulnerability/Patch/Compliance Assessment | ||
| OVAL Definition Consumer: Yes OVAL Results Consumer: Planned OVAL Results Producer: Planned |
||
| Review Completed Questionnaire | ||
Last Updated: February 22, 2008
| KACE Networks, Inc. | Date Declared: June 8, 2006 |
Web Site: www.kace.com
Quote/Declaration: The KBOX 1000 Series Systems Management Appliances by KACE are a secure line of server appliances that automate routine and complex IT maintenance tasks improving IT productivity and security. Included with the KBOX 1000 Series appliances are a set of security features which provide vulnerability auditing through seamlessly integrating OVAL tests and reporting on the outcomes at both at the individual node and aggregate network levels. The KBOX 1000 Series is also searchable by OVAL-ID. In addition, security policies can be set and enforced through automatic remediation and, if necessary, node quarantine to prevent security breaches and/or network infections.
KACE applauds the OVAL standard efforts as a key enabler for helping IT organizations deal with the very real security and productivity threats that have escalated dramatically in the last five years.
| Name: KBOX 1000 Series Systems Management Appliances | ||
| Type: IT Automation Appliances |
|
|
| OVAL Definition Consumer: Yes |
||
| Review Completed Questionnaire | ||
Last Updated: October 16, 2006
| Lieberman Software Corporation | Date Declared: February 19, 2008 |
Web Site: www.liebsoft.com
Quote/Declaration: Lieberman Software has always been at the forefront of providing security reporting and management tools for our government and commercial accounts. We believe that the active adoption and reporting on system characteristics based on OVAL standards would provide a substantial benefit for our client base and given them an even clearer evaluation of their security profile as well as the tools to bring their system and security architecture up to best practices more rapidly.
| Name: User Manager Pro | ||
| Type: System security reporting, management, and remediation | ||
| OVAL Definition Consumer: Planned OVAL Results Producer: Planned |
||
Last Updated: February 19, 2008
| Lumension Security | Date Declared: September 5, 2006 |
Web Site: www.lumension.com
Quote/Declaration: The Lumension (formerly PatchLink) OVAL Add-In comes in several versions intregrated with Lumension Update, Lumension Enterprise Reporting and Lumension Scanner Integration. The Add-In is a Web application that consumes results and system characteristic files from clients through manual or automatic uploads. The Add-In consumes definitions from multiple source, consolidates and produces operating system family specific definition files. The Add-In includes command-line-based intrepreters and is designed to work with 3rd party intrepreters to produce system characteristic and result files. Data is stored in a database that supports XML as a native database and has Xpath support.
| Name: Lumension Enterprise Reporting with OVAL Add-In, Version 6.3 | ||
| Type: Vulnerability/Patch/Compliance Assessment | ||
| OVAL Definition Consumer: Planned OVAL Definition Producer: Planned OVAL Results Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned |
||
| Name: Lumension Intelligent OVAL Xml Editor, Version 6.3 | ||
| Type: OVAL Utility | ||
| OVAL Definition Producer: Planned OVAL Definition Consumer: No OVAL Results Consumer: No OVAL Results Producer: No OVAL Systems Characteristics Consumer: No OVAL Systems Characteristics Producer: No |
||
| Name: Lumension OVAL Add-In (Special Edition), Version 6.3 | ||
| Type: Vulnerability/Patch/Compliance Assessment |
|
|
| OVAL Definition Consumer: Yes OVAL Results Consumer: Yes OVAL Results Producer: Yes OVAL Systems Characteristics Consumer: Yes OVAL Systems Characteristics Producer: Yes |
||
| Review Completed Questionnaire | ||
| Name: Lumension Scanner Integration with OVAL Add-In, Version 6.3 | ||
| Type: Vulnerability/Patch/Compliance Assessment | ||
| OVAL Definition Consumer: Planned OVAL Definition Producer: Planned OVAL Results Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned |
||
| Name: Lumension Update with OVAL Add-In, Version 6.3 | ||
| Type: Vulnerability/Patch/Compliance Assessment | ||
| OVAL Definition Consumer: Planned OVAL Definition Producer: Planned OVAL Results Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned |
||
Last Updated: September 14, 2007
| McAfee, Inc. | Date Declared: January 29, 2007 |
Web Site: www.mcafee.com
Quote/Declaration: OVAL is establishing the bar on interoperability between tools in the vulnerability identification and vulnerability remediation management and system state fields. The ability to specifically describe vulnerabilities on a system and exchange that information between tools is doing a great deal to improve the offerings vendors supply to their customers. McAfee is actively working with OVAL to foster and advance this effort.
| Name: Hercules Policy Auditor 4.5 | ||
| Type: Automated Vulnerability Remediation, Compliance Management, Policy Audit, Policy Enforcement and Vulnerability Management |
|
|
| OVAL Results Consumer: Yes |
||
| Review Completed Questionnaire | ||
| Name: Hercules Remediation Manager 4.5 | ||
| Type: Automated Vulnerability Remediation, Compliance Management, Policy Audit, Policy Enforcement and Vulnerability Management |
|
|
| OVAL Results Consumer: Yes |
||
| Review Completed Questionnaire | ||
Last Updated: August 22, 2007
| MMG Security, Inc. | Date Declared: October 12, 2006 |
Web Site: www.mmgsecurity.com
Quote/Declaration: Sussen is a host-based vulnerability assessment tool. It's purpose is to serach for vulnerabilties, configuration and policy issues on computer systems. Sussen uses agents for distributed deployments and a web interface for management/reporting.
MMG Security fully supports the OVAL standard and is commited to providing support for producing/consuming all OVAL documents and interoperability with other OVAL-compatible products.
| Name: Sussen Version 1.0 | ||
| Type: Vulnerability Assessment / Policy Compliance |
|
|
| OVAL Definition Consumer: Yes OVAL Results Consumer: Yes OVAL Results Producer: Yes OVAL Systems Characteristics Consumer: Yes OVAL Systems Characteristics Producer: Yes |
||
| Review Completed Questionnaire | ||
Last Updated: February 2, 2006
| nCircle Network Security, Inc. | Date Declared: September 14, 2006 |
Web Site: www.ncircle.com
Quote/Declaration: nCircle IP360 is an enterprise-class vulnerability and risk management system that proactively drives cost-effective network risk reduction. nCircle IP360 delivers a comprehensive view of your risk, continuously adapts to the changing threat environment, and is built for rapid deployment and ease of management across large, globally distributed networks. nCircle is committed to open standards of quality in the security community, and fully supports the OVAL standard for vulnerability checks. nCircle will assert compatibility between our checks and the OVAL standard, ensuring that the results of our checks match the OVAL results. Further integration will enable customers to import OVAL definitions as custom rules.
nCircle nTellect for Cisco IDS/IPS is a real-time threat prioritization system that leverages endpoint intelligence gathered from the nCircle IP360 vulnerability and risk management system. nTellect correlates host vulnerability and application information with Cisco Intrusion Detection and Prevention System alerts to identify real threats and suspicious activity against truly vulnerable targets. Prioritization of attacks based on endpoint intelligence significantly reduces the occurrence of false alerts and enable security personnel to focus their resources on high risk network attacks.
| Name: IP360 | ||
| Type: Vulnerability Management System | ||
| OVAL Definition Consumer: Planned OVAL Results Producer: Planned |
||
| Name: nTellect for Cisco IDS/IPS | ||
| Type: Real-Time Threat Prioritization System | ||
| OVAL Definition Consumer: Planned |
||
Last Updated: September 15, 2006
| NetIQ Solutions from Attachmate | Date Declared: September 12, 2006 |
Web Site: www.netiq.com
Quote/Declaration: NetIQ Secure Configuration Manager measures and enforces compliance to configuration baselines in accordance with corporate policies, regulations and evolving threats and vulnerabilities. It also performs remediation on compliance and configuration gaps, using security knowledge that is updated in real time. Secure Configuration Manager proactively ensures that organizations are identifying the latest system vulnerabilities and complying with policies to manage information security risk. This allows users to correct exposures before they result in security breaches, failed audits or costly downtime. OVAL is an integral part of NetIQ's approach to assure compliance, manage IT risks and secure assets. NetIQ Secure Configuration Manager consumes OVAL Definitions to provide host based vulnerability assessment for global, heterogeneous environments. NetIQ Secure Configuration Manager also consumes OVAL results, allowing organizations to leverage existing investments in network vulnerability assessment tools while providing a single point of roll-up, scoring and presentation of security configuration and vulnerability assessment results.
| Name: NetIQ Secure Configuration Manager 5.6 | ||
| Type: Configuration and Vulnerability Management |
|
|
| OVAL Definition Consumer: Yes OVAL Results Consumer: Planned OVAL Results Producer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned |
||
| Review Completed Questionnaire | ||
Last Updated: January 31, 2007
| NIST Computer Security Division | Date Declared: January 18, 2007 |
Web Site: csrc.nist.gov/
Quote/Declaration: The Security Content Automation Program (SCAP) is a public free repository of security content to be used for automating technical control compliance activities, vulnerability checking (both application misconfigurations and software flaws), and security measurement.
| Name: Security Content Automation Program | ||
| Type: Repository of Compliance Checks |
|
|
| OVAL Definition Producer: Yes |
||
| Review Completed Questionnaire | ||
Last Updated: January 31, 2007
| Red Hat, Inc. | Date Declared: May 18, 2006 |
Web Site: www.redhat.com
Quote/Declaration: The Red Hat Security Response team constantly tracks and investigates all security issues affecting Red Hat customers, providing timely and clearly explained patches and security advisories via the Red Hat Network, designed to help customers evaluate and manage their risk. By creating and supporting OVAL patch definitions we provide a structured and machine-readable version of our security advisories, allowing OVAL-compatible tools to test for the presence of described vulnerabilities.
| Name: Red Hat Security Advisories | ||
| Type: Security Update Advisories |
|
|
| OVAL Definition Producer: Yes |
||
| Review Completed Questionnaire | ||
Last Updated: May 18, 2006
| Scalable Software, LLC | Date Declared: July 7, 2006 |
Web Site: www.scalable.com
Quote/Declaration: Scalable Software's Command Center (CC) Examiner is an agentless application that assesses system compliance with best practice security configuration standards defined by the Center for Internet Security (CIS). CC Examiner also measure and reports against custom created security configuration standards and integrates evidentiary data into Scalable's CC IT compliance management system. CC Examiner supports the ability to import OVAL definitions associated with configuration security benchmarks and technical standards created by CIS, and to assess system compliance against these benchmarks.
| Name: Command Center Examiner | ||
| Type: Security Configuration and Policy Compliance Checker | ||
| OVAL Definition Consumer: Planned |
||
Last Updated: July 7, 2006
| Secure Elements, Inc. | Date Declared: June 16, 2006 |
Web Site: www.secure-elements.com
Quote/Declaration: C5 Compliance Platform consists of an integrated security appliance and host-based sensors, and is a plug-and-play compliance and vulnerability management solution. Our sensors are unique in that they are "light weight," with negligible processor, memory, and hard disk requirements. We also use the Common Vulnerabilities and Exposures (CVE) dictionary for standardized naming and vulnerability identification and other information security exposures.
| Name: C5 Compliance Platform Version 3.0 | ||
| Type: Enterprise Compliance and Vulnerability Management |
|
|
| OVAL Definition Consumer: Yes OVAL Results Consumer: Yes OVAL Results Producer: Yes |
||
| Review Completed Questionnaire | ||
Last Updated: May 8, 2007
| Security-Database | Date Declared: January 7, 2007 |
Web Site: www.security-database.com
Quote/Declaration: SSA is a non-intrusive host-based security analyzer that fully uses the capabilities of the OVAL interpreter. Next releases will integrate the ability to report vulnerabilities using OVAL-ID, CVE and CVSS, missed patches, users policy and much more features. Security-Database, a senior security consultants consortium, actively promotes open standards projects. And the OVAL concept is one of the best that IT organizations has to keep an eye on.
| Name: Security System Analyzer Version 1.5 | ||
| Type: Vulnerability Assessment / Policy Compliance |
|
|
| OVAL Definition Consumer: Yes OVAL Results Consumer: Yes OVAL Results Producer: Yes OVAL Systems Characteristics Consumer: Yes OVAL Systems Characteristics Producer: Yes OVAL Definition Producer: No |
||
| Review Completed Questionnaire | ||
Last Updated: April 11, 2007
| ThreatGuard, Inc. | Date Declared: January 5, 2004 |
Web Site: www.ThreatGuard.com
Quote/Declaration: ThreatGuard's Vulnerability Management products utilize accurate vulnerability reporting as one of their cornerstones. The OVAL definitions provided and maintained by the OVAL community represent the most accessible and thorough collection of on-box vulnerability definitions for Windows, Linux, Solaris, HP-UX, and Cisco IOS. ThreatGuard recognizes the advantages in applying the OVAL definitions on a network-wide basis to enhance vulnerability detection, patch management, compliance management, and software inventory and has thus made OVAL Compatibility a significant feature of the ThreatGuard products since January 2005.
By seamlessly including OVAL tests in our vulnerability scanning subsystem, ThreatGuard, Inc. validates and endorses the use of OVAL definitions on a network-wide basis. ThreatGuard also performs value-added steps, such as providing solution text and integrated CVSS references where applicable. By performing these tests in Java from a Linux-based, auto-updated network appliance, ThreatGuard enables a wide array of organizations to take advantage of the OVAL team's tremendous work.
| Name: Secutor Prime | ||
| Type: Compliance Management and Remediation |
|
|
| OVAL Definition Consumer: Yes OVAL Results Producer: Yes OVAL Results Consumer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned OVAL Definition Producer: No |
||
| Review Completed Questionnaire | ||
| Name: ThreatGuard 4.5 | ||
| Type: Continuous Security Auditing and Compliance Management |
|
|
| OVAL Definition Consumer: Yes OVAL Results Producer: Yes OVAL Results Consumer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned OVAL Definition Producer: No |
||
| Review Completed Questionnaire | ||
| Name: ThreatGuard OEM Integration Kit 1.0 | ||
| Type: Libraries to Build OVAL Compatibility into Third-Party Systems |
|
|
| OVAL Definition Consumer: Yes OVAL Results Producer: Yes OVAL Results Consumer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned OVAL Definition Producer: No |
||
| Review Completed Questionnaire | ||
| Name: ThreatGuard On Demand 1.0 | ||
| Type: On Demand Auditing and Compliance Management |
|
|
| OVAL Definition Consumer: Yes OVAL Results Producer: Yes OVAL Results Consumer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned OVAL Definition Producer: No |
||
| Review Completed Questionnaire | ||
| Name: ThreatGuard Traveler 4.5 | ||
| Type: Continuous Security Auditing and Compliance Management for Service Providers |
|
|
| OVAL Definition Consumer: Yes OVAL Results Producer: Yes OVAL Results Consumer: Planned OVAL Systems Characteristics Consumer: Planned OVAL Systems Characteristics Producer: Planned OVAL Definition Producer: No |
||
| Review Completed Questionnaire | ||
Last Updated: January 19, 2007
Page Last Updated: June 04, 2009
