Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of their Information Systems
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-117, Guide To Adopting and Using the Security Content Automation Protocol (SCAP), Version 1.0: Recommendations of the National Institute of Standards and Technology. The publication, which was written by Stephen Quinn, Karen Scarfone, and Chris Johnson of NIST, and by Matthew Barrett of G2, discusses the development of SCAP and why it was created, the current components of SCAP, and the product validation and laboratory accreditation programs that support SCAP. The bulletin summarizes the general information about SCAP and provides NIST s recommendations to organizations about using SCAP to verify that their technical security controls comply with requirements and to communicate information regarding vulnerabilities in a standardized manner. The bulletin provides information about NIST resources that are available to support organizations that are using SCAP and vendors that are implementing SCAP capabilities into their products and services.
Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of their Information Systems, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906869
(Accessed February 25, 2024)