ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products.
Tue, 30 Sep 2008 08:00:00 +0200 Ricoh, provider of digital office equipment, announced that it is working in tandem with UNETsystem to develop a Network Access Protection (NAP) agent for Ricoh devices. A Microsoft(C) software platform, NAP supports devices that operate on Microsoft Windows OS, but Ricoh devices use Linux or Unix. The objective of Ricoh-UNETsystem collaborative work is to develop a customized solution with unetsha Linux version, for implementing the NAP client functionality on Ricoh devices. With this solution, IT managers can enhance the security level of corporate networks by conducting NAP-based security compliance checks on Ricoh products.
Tue, 30 Sep 2008 08:00:00 +0200 As network and security administrators work to keep networks secure, compliant and running smoothly, they are largely finding the solutions currently installed in their networks to be inadequate, according to a Frost & Sullivan survey underwritten by Telcordia. The survey, which measured usage and satisfaction attitudes of IT managers, found that more than 60 percent were not satisfied with the ability of their existing network change and configuration management (NCCM) products based, in part, on a significant gap between desired and available product functionality. Our latest research has shown that network and security administrators are struggling with existing solutions to adequately maintain their networks, which are growing increasingly more complicated in the face of increased users, devices and security threats, said Debbie Wong, Consultant, North America, Business & Financial Services Group, Frost & Sullivan. To date, the crowded NCCM market, which our research shows is domin
Sun, 28 Sep 2008 08:00:00 +0200 2008 has been the year in which the lines between organizational initiatives for information management and information security began to merge and the implications for storage, security and compliance executives became significant. Gijo Mathew, VP of Security Solutions for Orchestria, the proven leader in Information Protection and Control, notes that the convergence of managing security risks, adhering to compliance/legal obligations, and classifying information has been driven by more effective IT Governance. This convergence requires organizations to better understand and control the information itself, while supporting existing business operations. Information management and information security initiatives share common requirements, said Mathew. We often see the same information is subject to information security and compliance related requirements, as well as classification obligations. We are now beginning to see organizations take steps to implement integrated solutions. The n
Wed, 24 Sep 2008 08:00:00 +0200 nCircle announced the Security Content Automation Protocol (SCAP) certification of nCircle Configuration Compliance Manager as a Federal Desktop Core Configuration (FDCC) Scanner and as an Authenticated Configuration Scanner. As the world's leading agentless configuration auditing solution, nCircle Configuration Compliance Manager provides U.S. Federal agencies with an enterprise class system to support the largest networks, while at the same time delivering SCAP certified FDCC scanners with the ability to audit and assess a target system in order to determine its compliance with the Federal Desktop Core Configuration (FDCC) requirements.
Wed, 24 Sep 2008 08:00:00 +0200 Cloakware, the provider of proven software solutions for securing business applications and digital assets, announced the immediate availability of Cloakware Password Authority 4.0, the only enterprise-grade solution to automate the lifecycle management of privileged passwords in the datacenter. Cloakware Password Authority 4.0 (formerly Cloakware Server Password Manager or CSPM) enables business and government IT operations to meet strict Governance, Risk Management & Compliance (GRC) requirements by enforcing policies and regulations on who and what can access sensitive data and IT infrastructure, eliminating the often overlooked risks of unmanaged hard-coded system administrator (Administrator) and application-to-application (A2A) passwords and increasing operational continuity. Password Authority is the first privileged password management solution architected from the ground up to meet the demanding requirements of large global IT operations. Providing customers with the choice of
Mon, 22 Sep 2008 08:00:00 +0200 According to the National Institute of Standards and Technology (NIST), most organizations have difficulty measuring the security of their IT systems. This difficulty arises from multiple causes, such as different ways companies interpret policy, the complexity of systems, and human error. To help organizations improve their security posture and simplify compliance, Lumension Security Inc., a global leader in security management, today announced the availability of an SCAP validated network scanner. This, combined with Lumension Security's SCAP-ready agent-based scanning and remediation solution, enables government and other IT security organizations to automate compliance, vulnerability management and security measurement. The additional SCAP validation adds to Lumension Security's powerful Security Configuration Management platform that now combines an agent-based and network vulnerability scanner for complete visibility and control to support IT regulatory compliance initiatives su
Fri, 19 Sep 2008 08:00:00 +0200 Ounce Labs announced it has been granted its fourth patent in the area of source code analysis and security. This patent is the latest in a series of grants for Ounce Labs, based on filings beginning as early as 2003. Recognition by the U.S. Patent Office of our unique and innovative approach to software security is very rewarding for our organization, especially given the fact that analysis at this scale, with this kind of accuracy, was thought to be impossible when the company began, said Jack Danahy, founder and CTO of Ounce Labs. Our development of this broad patent portfolio has been a natural outgrowth of the innovation that our customers expect of Ounce Labs. These patent grants and the patents pending show our commitment to advancing the state of security assessment. We will continue to address application security problems using the most effective means possible.
Thu, 18 Sep 2008 08:00:00 +0200 Information Security contract spending by the U.S. federal government will grow at a 7.9% five-year compounded annual growth rate, from $6.6 billion in 2008 to $9.6 billion by 2013, according to INPUT, the authority on government business. Growth in information security spending will outpace growth in overall federal IT spending due to the government's continued need to address fundamental information security challenges at all levels. The federal government faces an information security 'one-two punch' of the continued danger of data theft and loss combined with an ever-increasing onslaught of cyber attacks from domestic and foreign sources, said John Slye, principal analyst at INPUT. INPUT's Federal Information Security Market Forecast, 2008-2013 examines ongoing challenges the government faces with frequent data losses, as well as explores key cyber security initiatives within defense, civilian, and intelligence agencies, including the Comprehensive National Cybersecurity Initiative
Wed, 17 Sep 2008 08:00:00 +0200 For the second time in 2008, Data Killers has successfully completed a large data destruction project for the Social Security Administration. Last week, Data Killers shredded 68,000 pounds of media for the SSA, ensuring that the information contained therein will never be recovered. Data Killers, a division of Turtle Wings, an electronics recycling company, holds the federal government contract for shredding hard drives and back-up tapes. 'Data destruction has become an increasingly important component of every company's and agency's document retention policy over the last year. With the FACTA and FISMA deadlines rapidly approaching, we have seen a huge up-surge in requests for data destruction. Since we have held the GSA contract for shredding media for over a year, our Certificates of Destruction have become nationally recognized,' said Elizabeth Wilmot, President of Data Killers. We are one of the few companies that truly understands the laws, rules and regulations governing media de
Tue, 16 Sep 2008 08:00:00 +0200 Knowledge Consulting Group (KCG), an award winning cyber security services firm, announced today a partnership with Catbird, the pioneer in comprehensive security for virtual and physical networks and developer of the V-Agent virtual appliance, to provide the industry's first and only state-of-the-art Virtual Infrastructure Security Assessment (VSA). Further expanding Catbird's network of veteran security partners, KCG will deliver the Catbird VSA to help IT administrators identify and close potential gaps in security and compliance created in the move from P to V. KCG will provide the VSA to customers in the Department of Defense, Civilian Agencies, and the Department of Homeland Security. The Catbird VSA offered by KCG is a 30-day virtual infrastructure assessment which includes a thorough security analysis, detailed reports with actionable intelligence, and a comprehensive plan to mitigate risk and protect critical virtual systems, networks, desktops, and processes. It combines tr
Tue, 16 Sep 2008 08:00:00 +0200 Through an existing prime contract, the Naval Research Laboratory (NRL) has awarded a task to Smartronix for software and services that will be used within a comprehensive security management solution that the Office of Naval Research (ONR) is building. The solution will combine multiple security functions into an integrated, interoperable whole. The task covers the program management and integration efforts of Smartronix and combines software and services from Telos for its Xacta IA Manager solution and from IBM for its Internet Security Systems (ISS) solution. The goal of this project is to remove stovepipes between security systems to ensure that U.S. Navy information systems security encompasses configuration management, vulnerability management and asset management as well as security compliance testing and reporting. By tying multiple security solutions together, Navy programs will be able to create and tailor security workflows more effectively and build repeatable security so
Tue, 16 Sep 2008 08:00:00 +0200 Secure Computing Corporation, a leading enterprise gateway security company, today announced it has been positioned by Gartner, Inc., a premier research and advisory firm, in the Leaders Quadrant of the Magic Quadrant for E-mail Security Boundaries report published on September 11, 2008.
Tue, 16 Sep 2008 08:00:00 +0200 Secure Computing Corporation, a leading enterprise gateway security company, today announced it has been positioned by Gartner, Inc., a premier research and advisory firm, in the Leaders Quadrant of the Magic Quadrant for Secure Web Gateway report published on September 11, 2008.
Tue, 16 Sep 2008 08:00:00 +0200 Vulnerability assessment technology is a crucial tool for an organization to properly secure its network infrastructure. As such, vulnerability assessment products have become a requirement of many government and industry regulations. This combination has resulted in a high-growth market that is also very competitive and difficult to penetrate. New analysis from Frost & Sullivan (networksecurity.frost.com), World Vulnerability Assessment Products Markets, finds that the market earned revenues of $297.5 million in 2007 and estimates this to reach just under $1 billion in 2014.
Mon, 15 Sep 2008 08:00:00 +0200 McAfee, the world's largest dedicated security provider, announced the Security Content Automation Protocol (SCAP) validation of McAfee Policy Auditor 5.0. Classified as a Federal Desktop Core Configuration (FDCC) Scanner and Authenticated Configuration Scanner, Policy Auditor 5.0 is the first enterprise-ready product to achieve this validation, enabling U.S. Federal agencies to comply with the FDCC mandate.
Tue, 09 Sep 2008 08:00:00 +0200 CA enhanced its market leading CA Clarity Project and Portfolio Manager (PPM) solution by fully integrating cost and schedule measurement functionality to help U.S. Federal government agencies and contractors conform to the ANSI/EIA-748 standard for Earned Value Management Systems. CA's advanced Earned Value Management (EVM) functionality addresses the need for a comprehensive project tracking and reporting solution at a time when EVM is the number one factor driving public-sector growth in the adoption of PPM solutions, according to industry analyst firm Gartner. By including EVM in its Federal PPM solution, CA extends its existing capabilities around Capital Planning and Investment Control (CPIC) which improve the quality and speed of Exhibit 300 and 53 business case submissions.
Fri, 05 Sep 2008 08:00:00 +0200 Cloakware, the security solutions provider that makes security inseparable from software, announced that it will bolster its business initiatives through Intel Business Builder, a comprehensive set of interconnected services exclusive to Intel Software Partner Program members. These services will help expose Cloakware's best-in-class password management platform to a broad and targeted audience and include the Intel Business Exchange (Intel BX), tools and resources to enable applications for advanced Intel technologies, the Intel Certified Solutions Program and the SpikeSource Solutions Factory.
Wed, 03 Sep 2008 08:00:00 +0200 Sircon Corporation, provider of producer lifecycle solutions for the insurance industry, and Compliance 360, provider of on-demand governance, risk management and compliance software and solutions for the insurance industry, announce a partnership to launch SirconEDGE. The partnership will combine Sircon's rich regulatory content with Compliance 360's content delivery technology to create SirconEDGE, an industry-leading on-demand compliance tool providing regulatory intelligence and compliance management for insurance carriers, agencies and brokers. Compliance 360 is a leader in providing governance, risk management and compliance (GRC) solutions for the insurance industry, said Gary Gummig, vice president of regulatory solutions for Sircon. By combining Sircon's rich insurance regulatory content with Compliance 360's delivery platform, we will help our customers manage their producer licensing compliance programs in a more efficient and confident manner than ever before.
Wed, 03 Sep 2008 08:00:00 +0200 Dynamics Research Corporation announced that it has been awarded a $3.43 million task order by the United States Coast Guard through the Enterprise Acquisition Gateway for Leading Edge Solutions (EAGLE) Program. The contract, which is for one base year and three option years, is to assist the Information System Security Manager (ISSM) in responding to Information Technology (IT) Notices of Findings and Recommendations (NFR) from recent financial audits. DRC is the prime contractor, teaming with Total Systems Technology Corporation, and Kearney & Company for the company's fifth task order under EAGLE.
Wed, 03 Sep 2008 08:00:00 +0200 Secure Computing Corporation today announced it has signed a definitive agreement to acquire Securify, a provider of identity-based monitoring solutions, for approximately $15 million plus an earn-out of up to $5 million.
Tue, 02 Sep 2008 08:00:00 +0200 Secure Computing Corporation today announced that it has been named the worldwide market leader for Web security appliances, according to leading market research firm IDC.
Tue, 02 Sep 2008 08:00:00 +0200 Shavlik Technologies' Flagship NetChk Protect Simplifies and Centralizes Security Management of All Virtual Machines Both Online AND Offline
Mon, 25 Aug 2008 08:00:00 +0200 Hawaii's Punahou School Deploys Secure Computing's Secure Web to Bolster Internet Security
Thu, 14 Aug 2008 08:00:00 +0200 Shavlik Technologies' customers utilize single solution to simplify and automate the report's recommended steps of Assess, Prioritize, Remediate, Repeat.
Wed, 13 Aug 2008 08:00:00 +0200 Secure Elements announced that the company has released a new version of the C5 Compliance Platform capable of auditing and managing EPA ENERGY STAR settings for Windows XP and Vista for Desktop and Laptop configurations consistent with the NIST Security Content Automation Protocol (SCAP). The C5 Compliance Platform is currently used by the Presidential Management Agenda (PMA) Scorecard Agencies for reporting their FDCC Security Settings to OMB. These agencies are now able to use C5 to audit and manage their power savings settings within the same compliance solution, thereby complying with Executive Order 13423, which requires federal agencies to activate ENERGY STAR sleep features on computers and monitors.
Tue, 12 Aug 2008 08:00:00 +0200 Three surveys, with more than 780 respondents, show the increasing importance of enterprise risk management (ERM) to chief financial officers, audit committee members and chief audit executives. Crowe Chizek and Company LLC released the surveys' results, which included participants from a broad spectrum of public and private companies, with revenues ranging from $100 million to more than $10 billion. The surveys found that more than 65 percent of chief financial officers (CFOs) and 70 percent of audit committee members cited managing enterprise risk as the biggest challenge for their organizations over the next 12 months. According to those surveyed, ERM was considered an even bigger challenge than improving financial reporting and improving internal controls for CFOs.
Fri, 08 Aug 2008 08:00:00 +0200 StoredIQ, whose innovative eDiscovery technology revolutionizes the way companies address electronic discovery and litigation readiness, announced today that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions has named the StoredIQ appliance a winner of the 2008 Best Products and Services Award. This respected annual award honors products and services that represent the rapidly changing needs and interests of the end-users of technology worldwide. As part of the tech industry's leading global awards program, this year's Best Products and Services were nominated from all over the world.
Tue, 05 Aug 2008 08:00:00 +0200 Triumfant has announced that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions has named Triumfant Compliance Manager a winner of the 2008 Best Products and Services Award. This respected annual award honors products and services that represent the rapidly changing needs and interests of the end-users of technology worldwide. As part of the tech industry's leading global awards program, this year's Best Products and Services were nominated from all over the world. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations -- including Federal Information Security Management Act (FISMA), Federal Desktop Core Configuration (FDCC), Payment Card Industry Data Security Standard (PCI DSS), and custom IT policies -- and is NIST Security Content Automation Protocol (SCAP) validated in accordance with the OMB FDCC security mandate for all Federal
Mon, 04 Aug 2008 08:00:00 +0200 DigitalStakeout, an innovator and source of breakthrough Security Information and Event Management (SIEM) solutions, today released its summary of the results from its inaugural Cybersecurity Defense-in-Dimension Roundtable held in Washington, D.C. The Roundtable worked and identified four cornerstone issues as the basis for expanded future roundtable discussions. The four issues are: -- The immutable need for integration of Global threat intelligence in business/mission based security infrastructures -- The need to move to dynamic information-centric cybersecurity systems that support all source analysis and enable non-obvious threat attribution -- The priority to drive performance based strategies with value based mission and business metrics -- Create a Trusted SIEM reference architecture that breaks the contextual constraints of defense-in-depth and advances Defense-in-Dimension as the way forward.
Mon, 04 Aug 2008 08:00:00 +0200 Secure Computing Introduces Secure Web Reporter for Complete, Real-Time Viewing of Web Activity, Security, Performance and Compliance
Fri, 01 Aug 2008 08:00:00 +0200 LogicEase Solutions, provider of the mortgage industry's leading suite of risk management solutions - ComplianceEase, announced that the United States Patent and Trademark Office (USPTO) issued U.S. Patent No. 7,386,505 to LogicEase on June 10, 2008, following the Notice of Allowance provided on November 23, 2007. This patent is the first of its kind issued with respect to an automated compliance solution for the mortgage industry. Patent No. 7,386,505, entitled System and Method for Automated Compliance with Loan Legislation, covers ComplianceEase's Automated Compliance System - ComplianceAnalyzer(R). This expert system examines mortgage loans and, in real-time, produces loan level reports and analytics with respect to applicable laws and regulations at multiple jurisdictional levels.
Thu, 31 Jul 2008 08:00:00 +0200 Secure64 Software Corporation has developed a product that dramatically simplifies the implementation and management of DNSSEC. Secure64 DNS Signer is the first and only product that addresses each of the obstacles that have slowed the widespread deployment of DNSSEC zone signing, including the need for simplicity, security, auditability and scalability. While recent patching efforts have mitigated the impact of the cache poisoning vulnerability identified by Dan Kaminsky and widely reported by the media, deployment of DNSSEC is widely regarded as the only viable long-term solution to securing the Domain Name System (DNS).
Thu, 31 Jul 2008 08:00:00 +0200 The OWASP Foundation (www.owasp.org) has posted their final speaker selection for their upcoming conference in New York City. The conference will take place September 22nd - 25th, downtown at Pace University, located at One Pace Plaza. This application security world conference will be the largest OWASP conference ever. The Keynote Speakers for this event will include Howard A. Schmidt, Former White House Cyber Security Advisor, Joe Jarzombek, the Director for Software Assurance in the Department of Homeland Security (DHS), and Jeff Williams, Chairman of the OWASP Foundation. Jeremiah Grossman, Robert RSnake Hansen, along with many other well known application security pioneers, will present new research, findings and solutions. This conference is limited to only 1,000 attendees, so reserve your spot immediately.
Tue, 29 Jul 2008 08:00:00 +0200 Merlin International and CA announced that Merlin has been selected by the U.S. Department of Veterans Affairs (VA) to provide CA's robust identity and access management solutions to support the majority of the Department's identity management and access management requirements. The solutions are designed to enable VA to leverage e-Authentication, verify proper access to information, protect data, simplify internal systems, and enhance compliance with FISMA, HSPD 12 and HIPAA. VA makes benefits and services available for approximately 60 million veterans and their family members. With more than 230,000 employees, 153 medical centers and 800 Community Based Outpatient Centers, VA is the largest direct health care delivery system in America. By deploying enterprise-wide identity and access management solutions, VA will be able to provide secure delivery and access to Web-based applications; enhance veteran access to benefit and health information; improve regulatory compliance; improve
Mon, 28 Jul 2008 08:00:00 +0200 SCIPP International, a global non-profit organization dedicated to providing world-class security awareness training and certification services, has announced that it has received an endorsement of its security awareness course content and its proprietary body of knowledge known as SCIPP GAP (Generally Accepted Practices) as it pertains to disaster recovery, from the Business Continuity Institute-USA Chapter. SCIPP's proprietary Security Awareness training and certification program satisfies organizational compliance requirements for security awareness as defined in the Payment Card Industry (PCI-DSS), the Federal Information Security Management Act (FISMA), the Gramm-Leach Bliley Act (GLB), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), the Federal Financial Institutions Examination Council (FFIEC) Guidelines, and other industry specific bodies that regulate reporting and best business practice requirements.
Sun, 27 Jul 2008 08:00:00 +0200 Triumfant announced that Triumfant Compliance Manager(TM) has achieved NIST Security Content Automation Protocol (SCAP) validation in accordance with the OMB Federal Desktop Core Configuration (FDCC) security mandate for all Federal agencies. Triumfant Compliance Manager is the only stand-alone solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, laptop and server, every day. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-including Federal Information Security Management Act (FISMA), FDCC, Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and custom IT policies-while making the organization more secure in the process. Based on the uniquely powerful Triumfant IT Intelligence(TM) platform, Compliance Manager continuously verifies and enforces security policies on every PC, laptop,
Thu, 24 Jul 2008 08:00:00 +0200 Triumfant, the industry leader in Automated Compliance Monitoring and Control software, today announced that Triumfant Compliance Manager has achieved NIST Security Content Automation Protocol (SCAP) validation in accordance with the OMB Federal Desktop Core Configuration (FDCC) security mandate for all Federal agencies. Triumfant Compliance Manager is the only stand-alone solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, laptop and server, every day. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-including Federal Information Security Management Act (FISMA), FDCC, Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and custom IT policies-while making the organization more secure in the process. Based on the uniquely powerful Triumfant IT Intelligence platform, Compliance Manag
Thu, 24 Jul 2008 08:00:00 +0200 Stanley, provider of systems integration and professional services to the U.S. federal government, today announced that it was awarded a five-year information technology security support services contract by the Millennium Challenge Corporation (MCC), a U.S. Government corporation designed to work with some of the poorest countries in the world. If all four of the annual options are exercised, the total five-year value of the time and materials contract will be approximately $5.6 million. Stanley is honored to have the opportunity to support our new customer, the Millennium Challenge Corporation, in its mission to reduce global poverty through the promotion of sustainable economic growth, said Phil Nolan, chairman, president and CEO of Stanley. We are also very pleased to be working on this effort with Iron Vine Security, LLC.
Thu, 24 Jul 2008 08:00:00 +0200 WorldExtend(R), provider of remote data and application access software, has announced that its IronDoor(R) 3.5 remote network access software will make it simple for small to medium sized organizations to immediately implement a realistic telecommuting program for staff. This follows recent research from such respected institutions as the Telework Exchange and MSNBC confirming that telecommuting can significantly reduce both environmental pollution and fast-escalating travel costs associated with inflated gas prices. IronDoor 3.5's software-based secure remote network access enables small to medium sized organizations to set up a telecommuting or telework program by providing staff with secure, anytime/anywhere access to both applications and data (similar to Citrix). By ensuring that remote users can now securely access any resources they require, IronDoor 3.5 will facilitate staff in the reduction of rapidly-escalating costs associated with commuting - which recent MSNBC research estimat
Wed, 23 Jul 2008 08:00:00 +0200 Guardium, the database security company, and BMC Software are hosting a Webcast to provide government agencies with effective strategies for safeguarding Personally Identifiable Information (PII) in sensitive databases and easily complying with OMB M-06-16. The OMB directive states that government departments and agencies must log all extracts from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required. Major government agencies, such as the Federal Trade Commission, have already improved database security and addressed compliance regulations by deploying Guardium's database activity monitoring (DAM) solution. Guardium 7 monitors and tracks all access to sensitive data, across all major DBMS platforms and applications, without impacting database performance or requiring changes to applications.
Sun, 20 Jul 2008 08:00:00 +0200 Archer Technologies (Archer), a provider of enterprise governance, risk and compliance solutions, today announced the release of its Data Feed Manager, which provides a new way for companies to perform rapid integrations between industry-leading products and the Archer SmartSuite Framework. Designed for use by technical business analysts, the Data Feed Manager allows Archer clients and partners to use the Archer Framework as a point of consolidation, bringing together data from any source for correlation, analysis, process management and reporting. A vital component of any governance, risk and compliance program is the ability to form an aggregate view of risks, vulnerabilities, metrics and operational data within the enterprise, says Jon Darbyshire, president and CEO of Archer Technologies. With the Data Feed Manager, Archer is putting power in the hands of technical business users to rapidly integrate enterprise data systems with the Archer SmartSuite Framework. This is a new market
Wed, 16 Jul 2008 08:00:00 +0200 Ounce Labs announced that the company's Advanced Research Team (ART) has documented two vulnerabilities that can affect Java web applications that utilize the Spring Framework. With more than five million downloads of Spring to date, the security vulnerabilities identified could affect countless enterprises that utilize this commonly used framework. The specific vulnerabilities are 'ModelView Injection' and 'Data Submission to Non-Editable Fields.' These vulnerabilities allow attackers to subvert the expected application logic and behavior, gaining control of the application itself, and access to any data, credentials or keys held in the application. Although the two vulnerabilities discovered and analyzed by Ounce are part of the Spring Framework, Ounce Labs ART experts believe that similar issues can be found in other popular Frameworks. The ART Team has worked closely with the security team from SpringSource, the company behind Spring, to confirm these security issues and develop re
Tue, 15 Jul 2008 08:00:00 +0200 Compliance11, provider of regulatory compliance management solutions, announced that it has released Compliance11 Supervisory Suite 2.0. The second-generation Software-as-a-Service application has an enhanced design including expanded functionality within each of the software's four modules -- personal trading, affirmations and disclosures, gifts and case management. Tad Mitchell, president and chief operating officer at Compliance11, said, "As a SaaS provider we are able to constantly enhance the application with no impact or cost to our customer base. Our solutions are based on the feedback and direction of our clients resulting in a synergistic and effective compliance management product suite."
Mon, 14 Jul 2008 08:00:00 +0200 McAfee announced enhancements to McAfee Total Protection (ToPS) for Endpoint, McAfee's flagship endpoint security solution. This release provides new and updated compliance and security functions, including powerful policy auditing, flexible network access control, rogue system detection, enhanced Web security and improved anti-malware technology. The integration of management capabilities between endpoint security and compliance management enables customers to reduce costs, improve visibility and comply with industry & security policy across their entire infrastructure. According to Research VP Paul Proctor, Gartner, Inc., "Companies today realize that they need more than just good security controls, and that they must also address compliance with internal security policies and industry regulations. A combination of good security functions and compliance management improves security operations efficiency and maturity."
Mon, 14 Jul 2008 08:00:00 +0200 netForensics, a visionary leader in the Information Security Management market, announced new functionality in its flagship Security Information Management (SIM) application that provides unprecedented guidance for managing and reporting on critical IT security issues, as well as compliance with regulatory requirements and standards. The integration of the new security audit framework into its nFX SIM One product enables netForensics to deliver the market's most comprehensive solution for managing and reporting on IT security and third-party compliance requirements. Modules that address specific regulations, such as PCI, Sarbanes-Oxley, HIPAA and FISMA, easily plug into the framework for quick deployment and rapid time to value. The first module delivered as part of the release of the new security audit framework helps retail organizations manage themselves against the Payment Card Industry (PCI) Data Security Standard.
Mon, 14 Jul 2008 08:00:00 +0200 Shavlik Technologies, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, has announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative for standards based security automation.
Thu, 10 Jul 2008 08:00:00 +0200 A new publication released by the National Institute of Standards and Technology (NIST) on June 30 can help information system managers negotiate the often complex process of assessing security controls in their information systems. Although designed specifically to meet the needs of federal IT managers who must satisfy government requirements called for in the 2002 Federal Information Security Management Act (FISMA), the new guide can be useful to IT professionals across the industry. The document, Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, is designed to assist managers in assessing the effectiveness of the security controls called for in NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems. SP 800-53 is one of the core documents supporting the Risk Management Framework that was developed for federal agencies by NIST as part of its FISMA responsibilities. SP 800-53 specifies a flexib
Thu, 10 Jul 2008 08:00:00 +0200 Shavlik Technologies, provider of software solutions that rapidly accelerate and continuously improve security and compliance readiness, today announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative for standards-based security automation. The SCAP protocols enable security software technologies to exchange system configuration controls and vulnerability information in a standard format. This ensures that security-related content can be accurately and consistently processed within any SCAP-validated tool. SCAP validation gives government customers the freedom to select a best-of-breed solution that meets their needs and satisfies federal security initiatives and regulations. The Shavlik Security Suite delivers an SCAP Edition that is one of few SCAP-validated tools that simplifies and automates both assessment and remediation.
Tue, 08 Jul 2008 08:00:00 +0200 StillSecure, provider of secure network infrastructure solutions, announced that EWA-Canada has been contracted to conduct Security Content Automation Protocol (SCAP) testing for StillSecure VAM, the company's vulnerability management system. SCAP is a method for using NIST-approved standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). SCAP falls under the Information Security Automation Program (ISAP), which is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations.
Tue, 08 Jul 2008 08:00:00 +0200 Shavlik Technologies, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, today announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative for standards-based security automation. The SCAP protocols enable security software technologies to exchange system configuration controls and vulnerability information in a standard format. This ensures that security-related content can be accurately and consistently processed within any SCAP-validated tool. SCAP validation gives government customers the freedom to select a best-of-breed solution that meets their needs and satisfies federal security initiatives and regulations. The Shavlik Security Suite delivers an SCAP Edition that is one of few SCAP-validated tools that simplifies and automates both assessment and remediation.
|