Trusted Computing Group

Break open the bubbly! Or, at least, say congratulations to the hard-working volunteer members of the Trusted Computing Group and to staff at the NSA. They were presented with the SANS Award for Cybersecurity Innovation in October at the SANS National Cybersecurity Innovation Conference.

 

TCG and its TNC work group, along with the NSA, were honored for their work on integrating the TNC and SCAP standards and demonstrating the value of this integration. As you might know, SCAP is the Security Content Automation Protocol, a suite of open standards that enables automated vulnerability management, measurement, and policy compliance evaluation.

 

How is this related to TCG's Trusted Network Connect architecture and standards? Several years ago, with the diligent efforts of several TCG members, TCG announced the integration of the TNC specifications with SCAP. As a result, scanners based on SCAP can be used with network security gear based on the TNC specifications to identify and quarantine unhealthy devices. This automates checking and compliance for millions of PCs and other devices. More information can be found here.

 

SCAP usage is used heavily in the U.S. government; the U.S. Office of Management and Budget now requires usage of SCAP-validated tools to verify compliance to federal IT security standards.

 

The awarded demo integrates gear from four TCG member companies to test and demonstrate some typical TNC/SCAP scenarios such as Comply to Connect.

 

Beyond the lab, TCG members today actively support SCAP in products that have been purchased and are in use today in yet another example of the daily implementation and benefits of Trusted Computing standards.