USGCB Compliance Solutions

Demonstrate USGCB compliance with this government security initiative

The United States Government Configuration Baseline (USGCB) is a United States government-wide initiative that guides federal agencies on what they can do to improve and maintain effective configuration settings focusing primarily on security. This initiative aims to create security configuration baselines for IT and security products, specifically on desktops and laptops, deployed across federal agencies. While it's not a standalone regulation like FISMA, USGCB compliance is a core requirement of FISMA.

Which Regulations Matter to You?

We'll help you determine which regulations your organization needs to meet.

Contact Us

How Rapid7 helps get you USGCB compliant

Check and report on asset settings

You can use InsightVM to easily and automatically check the settings on all the assets in your organization to make sure they're passing USGCB compliance requirements-and quickly generate reports on their status. Nexpose is both SCAP validated and a USGCB Certified Scanner by NIST.

Find exploitable vulnerabilities

InsightVM scans all your physical and virtual assets for vulnerabilities, misconfigurations and malware exposure and provides the contextual risk for each found threat, so you can easily prioritize how you want to remediate or mitigate what you find. See what vulnerabilities are keeping you from achieving USGCB compliance.

Generate and submit CyberScope-compatible reports

The ability to generate a CyberScope-compatible report is a core component of Nexpose, so your monthly USGCB compliance reporting requirements can be hands-free and easier than ever. In addition, in InsightVM you can customize a number of other reports, from executive trend summaries to detailed remediation plans.

Webcast: USGCB Compliance

Find out how you can leverage an automated vulnerability management solution such as InsightVM to meet your USGCB monthly reporting requirements and lower your overall security risk.


Get InsightVM and get USGCB compliant

Rapid7's InsightVM vulnerability scanner is both SCAP-validated and a USGCB-certified scanner by NIST. And you can try it for free.