Content deleted Content added
m Standard headings &/or gen fixes. using AWB |
|||
Line 7:
*[http://scap.nist.gov Security Content Automation Protocol web site]
*[http://nvd.nist.gov National Vulnerability Database web site]
The Security Content Automation Protocol (SCAP), pronounced “S-Cap”, combines a number of open standards that are used to enumerate software flaws and configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order to evaluate the possible impact. It is basically a is a method for using those open standards for automated vulnerability management, measurement, and policy compliance evaluation. SCAP defines how the following standards are combined:
* Common Vulnerabilities and Exposures (CVE®)
* Common Configuration Enumeration (CCE™)
* Common Platform Enumeration (CPE™)
* Common Vulnerability Scoring System (CVSS)
* Extensible Configuration Checklist Description Format (XCCDF)
* Open Vulnerability and Assessment Language (OVAL™)
| |||