SSA Security System Analyzer version 1.5.2 released

by

In: Configurations checks , OVAL , SSA , Vulnerability Scanner

18 July 2007

SSA (Security System Analyzer) is a non-intrusive OVAL-Compatible policy compliance and vulnerability assessment software. It provides auditors and security officers a comprehensive solution to keep pace with security compliance requirements (patch management, vulnerability management, software inventories...)

Changelog

  • Based on OVAL 5.3 build 20 (see OVAL project for more information)
  • SSA now supports SCAP (Security Content Automation Protocol). The XML SCAP files are extracted using our new SCAP Parser (SCAP_Patch_Extractor). The coming release of SSA should be completely compatible with XCCDF.
  • SSA now supports scan for missed patches (using SCAP format)
  • Added Windows XP Patches definition file
  • Added Windows Vista Patches definition file
  • Added Windows 2000 Patches definition file
  • Added Office 2007 Patches definition file
  • Added Internet explorer 7 patches definition file
  • Updated OVAL XML Viewer Plugin
  • Updated database to 2039 definitions
  • Added support to CVE search (ex: CVE-2007-* will return all CVEs in 2007 used along with their appropriate OVALids.)
  • Bugs fixed

Documentation should be available by the end of the week.

Any suggestions, please report it to ssa@security-database.com.

Post scriptum

Compliance Mandates

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Configurations checks
OVAL
SSA
Vulnerability Scanner