Note: The solutions discussed below only represent a small subset of the entire Ivanti product portfolio. Visit to learn more.

USGCB: What It Is

The United States Government Configuration Baseline (USGCB), which emerged from the Federal Desktop Core Configuration (FDCC), was developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DoD), and the Department of Homeland Security (DHS). It provides a set of security configuration standards with which all federal agencies must comply, as mandated by the Office of Management and Budget (OMB).

USGCB Compliance: Why It Matters

USGCB is designed to provide federal agencies with configuration criteria by which to assess and, when necessary, remediate the IT endpoint assets within or under their purview. USGCB compliance is intended to reduce costs for both the deployment and management of desktop systems, as well as enable more consistent and better documented security. It requires specific reports be generated by every federal agency to demonstrate compliance.

Ivanti Endpoint Security Software: USGCB and SCAP Compliance, and More

Ivanti enables agencies to comply with USGCB standards by providing a Security Content Automated Protocol (SCAP)-validated USGCB scanner that assesses, standardizes, and reports against required configurations.

Ivanti can secure endpoint configurations, enable USGCB Compliance, and unify the functions of IT operations and security through a single console, server, and agent architecture. With Ivanti, you and your team can address IT risk and systems management requirements seamlessly and more effectively, across your entire agency. Ivanti helps your agency take a “defense-in-depth” approach to IT security that protects against a wide variety of threat vectors, including advanced persistent threats (APTs).

Endpoint security software from Ivanti ensures that agency endpoint configurations are compliant with the standards outlined in the USGCB. Ivanti solutions import SCAP policy templates, run network- and agent-based scans, enforce policies, and provide network-wide reports. Ivanti endpoint security software checks the security properties of network devices, and effectively maps security configuration controls to these agency endpoints. This enables your team to enforce proper configurations and report against USGCB requirements to prove compliance.

By delivering a comprehensive vulnerability management solution that includes a SCAP-validated USGCB scanner, Ivanti enables federal agencies to:

  • Manage policies – Define, edit, and import / export security configuration policies from SCAP documents.
  • Assess policies – Assess and apply appropriate policies to applicable systems in a flexible manner.
  • Enforce policies – Enforce and maintain required security configurations by automating the remediation process of non-compliant machines.
  • Generate reports – Report on policy compliance with required security configurations, including high-level and detailed views of the agency endpoint configurations, such as total percent of compliant vs. noncompliant machines, detailed information on individual devices, and many more.

Learn more about Ivanti Endpoint Security Software.