m clean up, Replaced: ® → (4), added uncategorised tag using AWB
Line 1:
The '''Security Content Automation Protocol''' ('''SCAP''') is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., [[FISMA]] compliance). The [[National Vulnerability Database]] (NVD) is the U.S. government content repository for SCAP.
==Purpose==
The Security Content Automation Protocol (SCAP), pronounced “S-Cap”, combines a number of open standards that are used to enumerate software flaws and configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order to evaluate the possible impact. It is basically a is a method for using those open standards for automated vulnerability management, measurement, and policy compliance evaluation. SCAP defines how the following standards (referred to as SCAP 'Components') are combined:
===SCAP Components===
* [http://cve.mitre.org/ Common Vulnerabilities and Exposures (CVE
* [http://cce.mitre.org/ Common Configuration Enumeration (
* [http://cpe.mitre.org/ Common Platform Enumeration (
* [http://nvd.nist.gov/cvss.cfm?version=2 Common Vulnerability Scoring System (CVSS)]
* [http://nvd.nist.gov/xccdf.cfm Extensible Configuration Checklist Description Format (XCCDF)]
* [http://oval.mitre.org/ Open Vulnerability and Assessment Language (
These components can be used to build products that have SCAP Capabilities:
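Review bot: In the Purpose paragraph, the sentence "It is basically a is a method for using those open standards ..." has a duplicated "is a" that this clean-up pass leaves in place. Suggest "It is a method for using those open standards for automated vulnerability management, measurement, and policy compliance evaluation", or drop the sentence, since the lead already says the same thing. The paragraph also mixes curly quotes around “S-Cap” with straight quotes around 'Components'; make them consistent while the text is being touched.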
Line 45 ⟶ 43:
*[http://nvd.nist.gov National Vulnerability Database web site]
*[http://www.atsec.com/01/scap-security-content-automation-protocol-faq.html SCAP FAQ]
{{Uncategorizedstub|date=April 2008}}
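Review bot: The {{Uncategorizedstub|date=April 2008}} tag after the link list flags the page as lacking a category instead of supplying one. The lead already identifies the subject as a security standard tied to the National Vulnerability Database, so adding an actual category in the same edit would make the tag unnecessary. The two link bullets here are written "*[http" with no space, while the SCAP Components list uses "* [http"; pick one form.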