Security Content Automation Protocol: Difference between revisions

To guard against security threats, organizations need to continuously monitor the computer systems and applications they have deployed, incorporate security upgrades to software and deploy updates to configurations. The Security Content Automation Protocol (SCAP), pronounced "ess-cap",<ref>{{Cite journal |last1=Radack |first1=Shirley |last2=Kuhn |first2=Rick |date=2011-02-04 |title=Managing Security: The Security Content Automation Protocol |url=https://ieeexplore.ieee.org/document/5708279 |journal=IT Professional |volume=13 |issue=1 |pages=9–11 |doi=10.1109/MITP.2011.11 |s2cid=5344382 |issn=1520-9202|url-access=subscription }}</ref> but most commonly as "skap" comprises a number of open standards that are widely used to enumerate software flaws and configuration issues related to security. Applications which conduct security monitoring use the standards when measuring systems to find vulnerabilities, and offer methods to score those findings in order to evaluate the possible impact. The SCAP suite of specifications standardize the nomenclature and formats used by these automated vulnerability management, measurement, and policy compliance products.