SUNNYVALE, Calif. - July 22, 2009 - Fortinet^® - a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions today announced that the FortiScan™ product line has completed the Secure Content Automation Protocol (SCAP) validation. In order for government agencies to provide Federal Information Security Management Act (FISMA) compliance reporting, they must utilize a SCAP validated product. Likewise, in order for vendors to sell to the federal government, their products must be SCAP validated.

The SCAP compliance program was established to ensure that security tools comply with the National Institute of Standards (NIST) and Technology SCAP standards. In addition, the compliance program enabled federal agencies to not only continuously monitor systems against the Office of Management and Budget mandated Federal Desktop Core Computing (FDCC) standards, but also provide reporting in a consistent format within FISMA.

The Fortinet FortiScan appliance allows organizations to identify and close IT compliance gaps and implement continuous monitoring in order to audit, evaluate, and comply with internal, industry, and regulatory policies for IT controls and security. The FortiScan appliance utilizes SCAP benchmarks and technologies to facilitate compliance validation against these published standards.

FortiScan provides a centrally managed, enterprise-scale solution. System administrators can monitor as well as optionally remediate assets from a central location that may or may not be geographically collocated with the assets without the need to manually visit potentially thousands of assets in person. The FortiScan appliance also provides the ability to correlated SCAP scanning results including Common Vulnerabilities and Exposures (CVE®), Common Configuration Enumeration (CCE), Common Platform Enumeration (CPE™), Common Vulnerability Scoring System (CVSS) and Open Vulnerability and Assessment Language (OVAL™) references (where appropriate) as well as export detailed reports in Extensible Configuration Checklist Description Format (XCCDF) format.

FortiScan offers federal agencies and enterprises alike, a highly adaptable solution for conducting continuous monitoring and reporting of FDCC compliance within FISMA. Not only does FortiScan provide agent-based scanning/reporting for organizations that have NAT networks, but also agent-less capabilities for network discovery. FortiScan integrates endpoint vulnerability management, industry and federal compliance, patch management, remediation, auditing and reporting into a single, unified appliance for immediate results.

ÏWe are very pleased to have completed the SCAP Validation Program with our FortiScan product. In typical Fortinet fashion, FortiScan is delivered in a unified appliance designed to provide immediate results, integrating endpoint vulnerability management, industry and federal compliance, patch management, remediation, auditing and reporting, said Jeff Lake, vice president of Federal operations at Fortinet.

A listing of Fortinets SCAP validation can be found at: http://nvd.nist.gov/validation_fortinet.cfm