System Center Configuration Manager Extensions for SCAP
Published: June 8, 2008 | Updated: July 14, 2009
What’s New
System Center Configuration Manger Extensions for SCAP is the next version of “SCAP Conversion Tool for DCM.” This new release converts Security Content Automation Protocol (SCAP) content for use by desired configuration management (DCM) and DCM reports into SCAP reporting format.
Download This Solution Accelerator
About This Solution Accelerator
The System Center Configuration Manager Extensions for SCAP utilize the desired configuration management (DCM) feature in Microsoft® System Center Configuration Manager 2007 to scan the computers in your environment and then document their level of compliance with the Federal Desktop Core Configuration (FDCC) mandate.
The extensions enable Configuration Manager 2007 to consume Security Content Automation Protocol (SCAP) data streams, assess systems for compliance, and generate report results in SCAP format. Now your organization can leverage its existing Configuration Manager 2007 infrastructure to ensure that the computers you manage meet this federal compliance requirement and generate the requisite FDCC reports for the National Institute of Standards and Technology (NIST) and the U.S. Office of Management and Budget (OMB).
If your organization is affected by the FDCC mandate, these extensions might be very valuable to you.
Included in the Download
The System Center Configuration Manager Extensions for SCAP download includes the following components:
- ConfigMgr_Extensions_for_SCAP.msi: This Microsoft Windows Installer (.msi) file includes the command-line tools that you use to convert SCAP data files to DCM Configuration Packs and also convert DCM reports into SCAP format and the following two documents.
- System Center ConfigMgr Extensions for SCAP User Guide.docx: This user guide provides instructions for the tool.
- Data Type Mapping for SCAP to DCM.docx: This document illustrates how data elements map between DCM and the SCAP formats including XCCDF and OVAL.
- System Center ConfigMgr Extensions for SCAP FAQ.docx: This document contains frequently asked questions and answers about the System Center Configuration Manager Extensions for SCAP.
- ReleaseNotes.rtf
In More Detail
The Security Content Automation Protocol (SCAP) provides a method to use specific existing standards to enable automated vulnerability management, measurement, and policy compliance evaluation.
SCAP is a suite of selected open standards that together provide a consistent method to scan computer systems and automatically identify, measure, and evaluate potential security issues. SCAP enumerates software vulnerabilities, security-related configuration issues, and product names on computer systems. SCAP also provides mechanisms to measure and rank (score) scan results to evaluate the impact of any discovered security issues. For more information, visit the SCAP page of the National Institute of Standards and Technology (NIST) Web site at https://nvd.nist.gov/scap.cfm.
The Federal Desktop Core Configuration (FDCC) is a security configuration standard mandated by the U.S. Office of Management and Budget (OMB). The FDCC standard currently exists for Windows Vista® and Windows® XP operating systems. While not addressed specifically as the "Federal Desktop Core Configuration" at its inception, the FDCC was originally called for in a March 22, 2007 memorandum from the OMB issued to all Federal agencies and department heads, and a corresponding memorandum from the OMB issued to all Federal agency and department Chief Information Officers (CIOs). For more information, visit the NIST FDCC page at https://nvd.nist.gov/fdcc/.
Related Resources
- System Center Configuration Manager
- Security Compliance Management Toolkit Series
- Solution Accelerators – Security and Compliance
Community and Feedback
- Want to know what’s coming up next? Check out our Solution_Accelerators Security Blog.
- Direct questions and comments about the System Center Configuration Manager Extensions for SCAP to scscap@microsoft.com.
- If you have used a Solution Accelerator in your organization, please share your experience with us by completing this short survey that requires less than 10 minutes to finish.
About Solution Accelerators
Solution Accelerators are authoritative resources that help IT pros plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:
- Communication and collaboration
- Security, data protection, and recovery
- Deployment
- Operations and management