Content deleted Content added
m Added decode of FISMA in lead paragraph. |
Add SCAP version 1.3 and fix SCAP version 1.0 release date |
||
Line 9:
===SCAP Components===
Starting with SCAP version 1.0 (
* [[Common Vulnerabilities and Exposures]] [http://cve.mitre.org/ (CVE)]
* [https://web.archive.org/web/20140807223026/https://nvd.nist.gov/cce/ Common Configuration Enumeration (CCE)] ([http://cce.mitre.org/ prior web-site at MITRE])
Line 23:
* [http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7502 Common Configuration Scoring System (CCSS)]
* [http://scap.nist.gov/specifications/tmsad/ Trust Model for Security Automation Data (TMSAD)]
Starting with SCAP version 1.3 (February, 2018)
* [https://csrc.nist.gov/projects/Software-Identification-SWID Software Identification (SWID) tags]
===SCAP Checklists===
Security Content Automation Protocol (SCAP) checklists standardize and enable automation of the linkage between computer security configurations and the [[National Institute of Standards and Technology|NIST]] [[NIST Special Publication 800-53|Special Publication 800-53]] (SP 800-53) controls framework. The current{{when?|date=February 2016}} version of SCAP is meant to perform initial measurement and continuous monitoring of security settings and corresponding SP 800-53 controls. Future versions will likely standardize and enable automation for implementing and changing security settings of corresponding SP 800-53 controls. In this way, SCAP contributes to the implementation, assessment, and monitoring steps of the NIST Risk Management Framework. Accordingly, SCAP forms an integral part of the NIST [http://csrc.nist.gov/groups/SMA/fisma/ FISMA] implementation project.
| |||