Vulnerability, Compliance & Much More

The SCAP specifications are broadly useful in addressing a variety of key challenges commonly faced in enterprise environments. They comprise a language that makes it possible to declare how virtually any aspect of a machine's configuration should be set. Since Joval can read any valid SCAP document, and scan virtually every type of machine found in the enterprise, it radically simplifies the implementation of many important enterprise use-cases.


IT administrators are faced with inceasingly complex and challenging configuration management responsibilities, stemming from both regulatory and security requirements.

  • Secure Baselines (USGCB, STIG, CIS, RedHat SSG, ...)
  • Regulatory Compliance (FISMA, HIPAA, PCI, Basel III, SarBox, HITECH Act, and more)
  • Internal Compliance Controls
  • Configuration Best Practices
Learn More


HeartBleed, Shellshock and POODLE have shown that the need to continuously scan for vulnerabilities extends beyond the Windows domain.

  • NIST National Vulnerabilty Database (NVD, CVE)
  • Debian Security Advisory Repository
  • RedHat Security Advisory Repository
  • SUSE Security Incident Repository
  • Cisco PSIRT OVAL Repositry
Learn More

Secure Baseline

CISOs need the ability to leverage existing industry and government best practices for secure configuration during all phases of the asset and infrastructure managment lifecycle.

  • US Government Secure Baselines (Windows, RHEL)
  • RedHat SCAP Security Guide (RHEL)
  • Secure Technical Implementation Guidelines (All)
  • Center for Internet Security Benchmarks (All)
Learn More

Security Content Authoring

Security Content Authors need a robust, fully-featured interpreter without all the baggage of the typical enterprise security automation suite.

  • Fanatical adherence to the underlying specifications
  • Used by leading content development organizations to test and validate content
  • View diagnostic reports to identify content issues
  • Supports regression testing of content
Learn More

Audit & Drift

Over 80% of IT incidents result from changes in the environment. Maintaining an independent record of configuration history is a crucial best practice.

  • Identify breaking configuration changes
  • Audit changes and/or values over time
  • Compare different machines
  • Capture system configuration, database and XML data.
Learn More

File Integrity

Monitor key files across a wide variety of platforms for change and corruption to help ensure your systems remain stable and secure.

  • Monitor file checksums, content and metadata
  • Identify changes over time
  • Identify anomolies between systems
  • Enforce whitelists and blacklists
Learn More

SCAP 1.2 & SCAP 1.3 Validation

Government technology providers can adopt Joval to meet NISTs SCAP 1.2 and 1.3 requirements, satisfying OMB Mandate M-08-22 and associated procurement requirements. Joval has proven coverage for all NIST validation programs:

  • Windows
  • RHEL
  • OCIL
Learn More

Remote Management

The Joval Remote Management SDK allows developers to directly access Joval's reliable, standards-based system access capabilties:

  • True platform-independent management
  • 100% agentless capabilities
  • Out-of-the-box support for SSH, WS-Management & NETCONF
  • Firewall-friendly
Learn More


The Joval architecture makes it easy for developers to create custom test types, add platforms, and support pre-existing connectivity methods.

  • Schema-Driven Language Engine: permits registration of custom data models
  • System Access Facade: allows custom providers to implement data collection
  • Plugin Architecture: simplifies extension of core capabilties
Learn More
Joval Developer Edition

Developer Edition

Add powerful scanning and assessment capabilities to your software product.

Learn More
Joval Enterprise Edition

Enterprise Edition

Run continuous, standards-based security assessments across your enterprise.

Learn More
Joval Professional Edition

Professional Edition

Run ad hoc scans, test and validate content, and diagnose complex results.

Learn More

Widely Deployed


SCAP-enabling Mature Product Suites


Powering Cloud-based Configuration Assessment


Continual Vulnerabilty & Baseline Assessments

DoD & DoE

Continuous Configuration Monitoring & Compliance


Delivering Continuous Compliance & Security

Content Authors

Testing & Validating Authoritative Content

Awesome Support

Fast and knowledgeable support comes with every Joval purchase, including integration support to make onboarding a snap and incredible same-day help once you're up and running.

Commercial Support

Upgrades On Us

Upgrades are included at no extra charge with every Joval license subscription so you know you have the software and support you need to be successful.

Learn More