Press Release

June 05, 2012

Rapid7's Nexpose Receives United States Government Configuration Baseline (USGCB), CyberScope and Common Criteria EAL 3+ Certifications

Nexpose Federal Edition Enables Federal Agencies to Meet FISMA Compliance and Protect Against Cyber Espionage, Targeted Attacks and Internal and External Threats

Boston, MA - June 5, 2012 - Rapid7, the leading provider of security risk intelligence solutions, today announced that Nexpose, the Company's award-winning vulnerability management product, now has expanded Federal certifications to better protect government infrastructure against cyber espionage, targeted attacks, and internal and external threats. In addition to receiving CyberScope certification, Rapid7 Nexpose is one of the first products worldwide to receive United States Government Configuration Baseline (USGCB) Certification, as well as the first vulnerability management product to achieve the Common Criteria Certification for Evaluation Assurance Level 3 Augmented (EAL3+). Nexpose allows Federal agencies and government contractors to confidently assess the security posture of IT systems and meet FISMA requirements with a single solution.

“Government agencies are on high alert for attacks from sophisticated attackers, hacktivists and malicious insiders,” said Richard Perkett, vice president of engineering, Rapid7. “With the recent USGCB, CyberScope and Common Criteria certifications of Rapid7's Nexpose solution, federal agencies can identify exploitable vulnerabilities while reducing time and costs associated with achieving FISMA compliance. Rapid7's commitment to product innovation is highlighted by Nexpose's achievement of receiving one of the first USGCB certifications in the industry and the highest EAL ranking in the vulnerability management industry.”

Nexpose Federal Edition enables federal agencies and government contractors to verify USGCB baseline configurations for desktop and laptop computers. This meets the mandates from the Federal CIO Council's Technology Information Subcommittee (TIS) at the direction of the Office of Management and Budget (OMB). USGCB is an evolution of the Federal Desktop Core Configuration (FDCC) by the TIS of the CIO Council Architecture and Infrastructure Committee (AIC). USGCB is designed to provide proper configuration baselines for various platforms, including Microsoft Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 7 and Internet Explorer 8. With NIST-certified Nexpose, users have a single solution that can automatically scan government IT environments of any size for USGCB and FDCC configuration baseline checks, compliance and vulnerabilities. The solution delivers unified reporting and risk assessment capabilities that result in significant cost and time savings compared to using multiple tools.

As a certified CyberScope solution, Nexpose creates automated security reports and helps agencies conform to their monthly reporting requirements of key security metrics through the CyberScope application. CyberScope is a web-based application mandated by the Department of Homeland Security (DHS) to provide secure and efficient FISMA reporting for federal agencies. Nexpose enables Federal agencies to submit comprehensive security reports to the CyberScope application, which are required on a monthly basis, helping users meet FISMA requirements.

Nexpose has also received Common Criteria certification for EAL 3+, the highest ranking for any vulnerability management solution to date, allowing federal agencies to confidently purchase the product based on its stringent certification process and rating. Common Criteria is an international standard for computer security certification, which verifies that a product meets independent security assurance requirements. Twenty-six countries now recognize the Common Criteria (also published as ISO/IEC 15408 and ISO/IEC 18045 international standards) as the official third-party evaluation criteria and methodology for IT security products. In addition, Common Criteria Certification is looked upon favorably and sometimes required by the U.S. Department of Defense and Intelligence Community.

About Nexpose Federal Edition

Rapid7's Nexpose Federal Edition helps federal agencies and contractors conduct complete security assessments for continuous monitoring, automate vulnerability assessment, configuration assessment and asset discovery, and create CyberScope reports that allow federal agencies to easily submit monthly security metrics in CyberScope XML format to meet FISMA requirements. Nexpose's CyberScope reports include details on misconfigurations based on federal configuration checklists such as FDCC and USGCB. To find out how Nexpose Federal Edition can enable Federal agencies and contractors to meet FISMA compliance regulations and create accurate CyberScope reports go to

About Rapid7

Rapid7's IT security data and analytics solutions collect, contextualize and analyze the security data you need to fight an increasingly deceptive and pervasive adversary. Unlike traditional vulnerability assessment or incident management, Rapid7 solutions uniquely provide insight into the security state of your assets and users across virtual, mobile, private and public cloud networks. They enable you to fully manage your risk, simplify compliance, and identify, investigate and stop threats faster. Our threat intelligence, informed by members of the Metasploit open source community and the industry-leading Rapid7 Labs, provides relevant context, real-time updates and prioritized risk. Our solutions are used by more than 25% of the Fortune 1000 and nearly 3,000 enterprise, government and small business organizations across 78 countries. To learn more about Rapid7 or get involved in our threat research, visit

Media Contact Phone: 857-288-7438