National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Security Content Automation Protocol (SCAP) 1.2 Product Validation Record

Validation Number: 138 Rapid7
Vendor: Rapid7
Product Name: Nexpose
Product Major Version: 6
Product Version Tested: 6.2.1
Tested Platforms:
Microsoft Windows XP Professional SP3: Domain-joined and Standalone
Microsoft Windows Vista SP1: Domain-joined and Standalone
SCAP 1.2 Capabilities:
Authenticated Configuration Scanner
Common Vulnerabilities and Exposures (CVE)
Validated Product
Vendor Provided SCAP Information
Dates Tested: 10/20/2015 12:00:00 AM - 4/8/2016 12:00:00 AM
Report Submitted: 11/20/2015 12:00:00 AM
DTR Version: NIST IR 7511 Revision 3
Validation Test Suite:
version 1-2.0.0.0 (December 2012 release includes R600-1.2.0.0.1, R1900-1.2.0.0.2, R3300-1.2.0.0.3 out of cycle updates)
version 1-2.0.1.0 (August 2013 release)
version 1-2.0.2.0 (March 2014 release)
version 1-2.0.3.0 (April 2015 release)
version 1-­2.1.0.0 (April 2016 release)
version 1-­2.1.1.0 (June 2016 release)
Previous Validation
SCAP and Product Version:
Nexpose 5.1 SCAP 1.0
NVLAP Lab: - Acumen Security
Validation Date: 5/9/2016 12:00:00 AM
Comments: An exception was granted for SCAP.R.2000.5 because there isn’t a clearly defined method for exporting the same OVAL variable with multiple values.

Note: The vendor assertions document (aka Vendor Provided SCAP Information) was provided by the vendor. The descriptions do not imply endorsement by the U.S. Government or NIST.