Content deleted Content added
I have removed "The current verison" and replaced with most recent update from NIST website. I need to add the page as a reference. I am new to editing so I was having trouble adding that source. |
Added inline citation for opening paragraph along with more detail for what SCAP is/does. |
||
Line 3:
{{Use American English|date=September 2023}}
{{Use mdy dates|date=September 2023}}
The '''Security Content Automation Protocol''' ('''SCAP''') is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., [[Federal Information Security Management Act of 2002|FISMA (Federal Information Security Management Act, 2002)]] compliance. The [[National Vulnerability Database]] (NVD) is the U.S. government content repository for SCAP. An example of an implementation of SCAP is OpenSCAP. SCAP is a suite of tools that have been compiled to be compatible with various protocols for things like configuration management, compliance requirements, software flaws, or vulnerabilities patching. Accumulation of these standards provides a means for data to be communicated between humans and machines efficiently. The objective of the framework is to promote a communal approach to the implementation of automated security mechanisms that are not monopolized.<ref>{{Cite web |last=Computer Security Division |first=Information Technology Laboratory |date=2016-12-07 |title=Security Content Automation Protocol {{!}} CSRC {{!}} CSRC |url=https://csrc.nist.gov/projects/security-content-automation-protocol/ |access-date=2024-01-15 |website=CSRC {{!}} NIST |language=EN-US}}</ref>
==Purpose==
| |||