nCircle Adds Additional FDCC and New DISA STIG Policies to Award-Winning Agentless Configuration Auditing Solution

San Francisco, August 16, 2010 — nCircle, the leader in security and compliance auditing solutions, today announced significant new additions to its U.S. government policies supporting the Federal Desktop Core Configuration (FDCC) and Security Technical Implementation Guide (STIG) standards. These standards describe the optimal secure configuration of systems on government networks. The new policies are part of nCircle Configuration Compliance Manager’s rich library of over 100 policies that enables enterprises and government agencies to automate configuration auditing.


nCircle Configuration Compliance Manager (CCM) is a comprehensive, agentless configuration auditing and file integrity monitoring solution that gathers configuration information from every system on the network. CCM automatically discovers configurations and compares them to any of the more than one hundred built-in policies, identifying non-compliant configurations and alerting on high-risk misconfigurations. Unlike agent-based systems, CCM does not require any software to be installed on the target system, so every asset on the network can be continuously scanned.

The U.S. Office of Management and Budget (OMB) and the Defense Information Systems Agency (DISA) have mandated the implementation of FDCC and STIG guidelines to ensure that U.S. government and Department of Defense agencies meet core configuration standards for IT systems. nCircle is a charter member of the committees that created the SCAP standard and nCircle CCM is SCAP-validated.

The CCM Policy Library update includes:

  • New FDCC Internet Explorer 7 policy
  • New FDCC Vista Firewall policy
  • New FDCC XP Firewall policy
  • New Windows 2008 Member Server STIG policy
  • New Windows 2008 Domain Controller STIG policy
  • New CIS-certified Windows 7 policy
  • Updated existing FDCC Vista policy
  • Updated existing FDCC XP policy

“The new policies in nCircle Configuration Compliance Manager further increase nCircle’s industry-leading coverage,” said Tim Keanini, Chief Technology Officer at nCircle. “The continued expansion of our policy library to support federal standards represents our ongoing commitment to enabling government agencies to improve their security and achieve compliance at the lowest possible cost.”

About nCircle Suite360

nCircle provides the world’s most comprehensive suite of solutions for agentless security and configuration auditing for physical and virtual IT environments. nCircle’s solutions combine the broadest discovery of networked systems and their operating systems, applications, vulnerabilities and configurations with advanced analytics to help enterprises reduce security risk and achieve compliance. nCircle’s solutions includes IP360™ for vulnerability management and risk management, WebApp360™ for web application vulnerability auditing, Configuration Compliance Manager™ (CCM) for configuration auditing and file integrity monitoring, Certified PCI Scan Service™ for on-demand self-service PCI scanning, and Suite360 Intelligence Hub™ for IT governance, risk and compliance (ITGRC) reporting and analytics.

About nCircle

nCircle is the leading provider of automated IT security and compliance auditing solutions. More than 4,500 enterprises, government agencies and service providers around the world rely on nCircle’s proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership.  nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at www.ncircle.com.