Security Automation and Compliance Checking, Together with SCAP and TNC

by TCG in Action

This week, Trusted Computing Group announced that its Trusted Network Connect (TNC) specifications are now integrated with the Security Content Automation Protocol (SCAP) from the U.S. Commerce Department's National Institute of Standards and Technology (NIST).

The integration means that scanners based on SCAP can be used with network security gear based on the TNC specifications to identify and quarantine unhealthy devices. This will automate compliance checking and network enforcement for millions of PCs and other devices.

Dozens of TNC products are now available from a number of vendors. Combined with the widespread availability of products supporting SCAP, this lets IT select from a variety of vendors and products that work together, eliminating the need to lock in to a single vendor or solution.

This topic was explored at a panel session at the NSA Trusted Computing Conference a few weeks ago, where TCG TNC co-chair Steve Hanna explained how TNC allows information to be shared among security devices and how SCAP enables compliance. As beta user and IT expert David O'Berry of the South Carolina Department of Probation, Parole and Pardon Services put it, IT folks could certainly have done some of what the new integration achieves before, but, he joked, "You just described something that only 0.3% of the people on the planet could do it."

In contrast, two TCG members who only recently met were able to put together a fully working system of SCAP-validated scanners and TNC-based gear. It is all up and running now in O'Berry's office. "That's what happens when you're working with an open standard," he said.

How widespread is the use of SCAP? Since 2007, when the U.S. Office of Management and Budget mandated its usage, millions of systems have been checked automatically for compliance with the federal guidelines using tools based on the standard. Now, those systems can be checked when they connect to the network to see if they're healthy, and quarantined and remedied if they're not.

TCG member Triumfant has a white paper on this topic and TCG has published a paper as well. You can also read the news release and FAQs about this topic. Watch for updates on this topic.

Categories: Network Security, News & Events
