Content deleted Content added
m Dating maintenance tags: {{By whom?}} {{When?}} |
|||
Line 2:
==Purpose==
The Security Content Automation Protocol (SCAP), pronounced "ess-cap", combines a number of open standards that are used{{by whom?|date=February 2016}} to enumerate software flaws and configuration issues related to security. They measure systems to find vulnerabilities and offer methods to score those findings in order to evaluate the possible impact. It is a method for using those open standards for automated vulnerability management, measurement, and policy compliance evaluation. SCAP defines how the following standards (referred to as SCAP 'Components') are combined:
===SCAP Components===
Line 21:
===SCAP Checklists===
Security Content Automation Protocol (SCAP) checklists standardize and enable automation of the linkage between computer security configurations and the [[NIST Special Publication 800-53]] (SP 800-53) controls framework. The current{{when?|date=February 2016}} version of SCAP is meant to perform initial measurement and continuous monitoring of security settings and corresponding SP 800-53 controls. Future versions will likely standardize and enable automation for implementing and changing security settings of corresponding SP 800-53 controls. In this way, SCAP contributes to the implementation, assessment, and monitoring steps of the NIST Risk Management Framework. Accordingly, SCAP forms an integral part of the NIST [http://csrc.nist.gov/groups/SMA/fisma/ FISMA] implementation project.
==SCAP Validation Program==
| |||