NEWS

Fortinet^® - a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions - today announced that the FortiScan™ product line has completed the Secure Content Automation Protocol (SCAP) validation. In order for government agencies to provide Federal Information Security Management Act (FISMA) compliance reporting, they must utilize a SCAP validated product.

The SCAP program was established to ensure that security tools comply with the National Institute of Standards and Technology (NIST) standards. In addition, the compliance program enabled federal agencies to not only continuously monitor systems against the Office of Management and Budget mandated Federal Desktop Core Computing (FDCC) standards, but also provide reporting in a consistent format within FISMA.

The Fortinet FortiScan appliance allows organizations to identify and close IT compliance gaps and implement continuous monitoring in order to audit, evaluate, and comply with internal, industry, and regulatory policies for IT controls and security. The FortiScan appliance utilizes eXtensible Configuration Checklist Description Format (XCCDF) for customizable benchmarks as well as FDCC compliant benchmarks.

FortiScan provides a centrally managed, enterprise-scale solution. System administrators can monitor as well as optionally remediate assets from a central location that may or may not be geographically collocated with the assets - without the need to manually visit potentially thousands of assets in person. The FortiScan appliance also provides the ability to correlated FDCC scanning results by conforming to industry standards such as Common Vulnerabilities and Exposures (CVE®), Common Configuration Enumeration (CCE), Common Platform Enumeration (CPE™), Common Vulnerability Scoring System (CVSS) and Open Vulnerability and Assessment Language (OVAL™) references (where appropriate) as well as export detailed reports in Extensible Configuration Checklist Description Format (XCCDF) format.

FortiScan offers federal agencies a highly adaptable solution for conducting continuous monitoring and reporting of FISMA compliance. FortiScan provides agent-based scanning/reporting for complex networks that support today's architectures of remote and roaming networks as well as VPN and NAT networks. FortiScan even has agent-less capabilities for network discovery. FortiScan integrates endpoint vulnerability management, industry and federal compliance, patch management, remediation, auditing and reporting into a single, unified appliance for immediate results.

"We are very pleased to have completed the SCAP Validation Program with our FortiScan product. In typical Fortinet fashion, FortiScan is delivered in a unified appliance designed to provide immediate results, integrating endpoint vulnerability management, industry and federal compliance, patch management, remediation, auditing and reporting," said Jeff Lake, vice president of Federal operations at Fortinet.

A listing of Fortinet's SCAP validation can be found at: http://nvd.nist.gov/validation_fortinet.cfm

About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in five programs by ICSA Labs: (Firewall, Antivirus, IPSec, Network IPS and Anti-Spam). Fortinet is privately held and based in Sunnyvale, California.

Copyright © 2009 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiDB and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements herein attributed to third parties.