Rapid7's Nexpose Receives United States Government Configuration Baseline (USGCB), CyberScope and Common Criteria EAL 3+ Certifications


Boston, MA — June 5, 2012

Rapid7, the leading provider of security risk intelligence solutions, today announced that Nexpose, the Company's award-winning vulnerability management product, now has expanded Federal certifications to better protect government infrastructure against cyber espionage, targeted attacks, and internal and external threats. In addition to receiving CyberScope certification, Rapid7 Nexpose is one of the first products worldwide to receive United States Government Configuration Baseline (USGCB) Certification, as well as the first vulnerability management product to achieve the Common Criteria Certification for Evaluation Assurance Level 3 Augmented (EAL3+). Nexpose allows Federal agencies and government contractors to confidently assess the security posture of IT systems and meet FISMA requirements with a single solution.

“Government agencies are on high alert for attacks from sophisticated attackers, hacktivists and malicious insiders,” said Richard Perkett, vice president of engineering, Rapid7. “With the recent USGCB, CyberScope and Common Criteria certifications of Rapid7's Nexpose solution, federal agencies can identify exploitable vulnerabilities while reducing time and costs associated with achieving FISMA compliance. Rapid7's commitment to product innovation is highlighted by Nexpose's achievement of receiving one of the first USGCB certifications in the industry and the highest EAL ranking in the vulnerability management industry.”

Nexpose Federal Edition enables federal agencies and government contractors to verify USGCB baseline configurations for desktop and laptop computers. This meets the mandates from the Federal CIO Council's Technology Information Subcommittee (TIS) at the direction of the Office of Management and Budget (OMB). USGCB is an evolution of the Federal Desktop Core Configuration (FDCC) by the TIS of the CIO Council Architecture and Infrastructure Committee (AIC). USGCB is designed to provide proper configuration baselines for various platforms, including Microsoft Windows 7, Windows 7 Firewall, Windows Vista, Windows Vista Firewall, Windows XP, Windows XP Firewall, Internet Explorer 7 and Internet Explorer 8. With NIST-certified Nexpose, users have a single solution that can automatically scan government IT environments of any size for USGCB and FDCC configuration baseline checks, compliance and vulnerabilities. The solution delivers unified reporting and risk assessment capabilities that result in significant cost and time savings compared to using multiple tools.

As a certified CyberScope solution, Nexpose creates automated security reports and helps agencies to conform to their monthly reporting requirements of key security metrics through the CyberScope application. CyberScope is a web-based application mandated by the Department of Homeland Security (DHS) to provide secure and efficient FISMA reporting for federal agencies. Nexpose enables Federal agencies to submit comprehensive security reports to the CyberScope application, which is required on a monthly basis, helping users meet FISMA requirements.

Nexpose has also received Common Criteria certification for EAL 3+, the highest ranking for any vulnerability management solution to date, allowing federal agencies to confidently purchase the product based on its stringent certification process and rating. Common Criteria is an international standard for computer security certification, which verifies that a product meets independent security assurance requirements. Twenty-six countries now recognize the Common Criteria (also published as ISO/IEC 15408 and ISO/IEC 18045 international standards) as the official third-party evaluation criteria and methodology for IT security products. In addition, Common Criteria Certification is looked upon favorably and sometimes required by the U.S. Department of Defense and Intelligence Community.

About Nexpose Federal Edition

Rapid7's Nexpose Federal Edition helps federal agencies and contractors conduct complete security assessments for continuous monitoring, automate vulnerability assessment, configuration assessment and asset discovery, and create CyberScope reports that allow federal agencies to easily submit monthly security metrics in CyberScope XML format to meet FISMA requirements. Nexpose's CyberScope reports include details on misconfigurations based on federal configuration checklists such as FDCC and USGCB. To find out how Nexpose Federal Edition can enable Federal agencies and contractors to meet FISMA compliance regulations and create accurate CyberScope reports, go to http://www.rapid7.com/solutions/compliance/fisma.jsp

About Rapid7

Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
