Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of their Information Systems

Published

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-117, Guide To Adopting and Using the Security Content Automation Protocol (SCAP), Version 1.0: Recommendations of the National Institute of Standards and Technology. The publication, which was written by Stephen Quinn, Karen Scarfone, and Chris Johnson of NIST, and by Matthew Barrett of G2, discusses the development of SCAP and why it was created, the current components of SCAP, and the product validation and laboratory accreditation programs that support SCAP. The bulletin summarizes the general information about SCAP and provides NIST's recommendations to organizations about using SCAP to verify that their technical security controls comply with requirements and to communicate information regarding vulnerabilities in a standardized manner. The bulletin provides information about NIST resources that are available to support organizations that are using SCAP and vendors that are implementing SCAP capabilities into their products and services.
Citation
ITL Bulletin -

Keywords

configuration settings, Federal Information Security Management Act (FISMA), information security, information systems security, interoperability, product validation, security checklists, security configurations, Security Content Automation Protocol, security management, security controls, software flaws, software patches, system vulnerabilities

Citation

Radack, S. (2010), Security Content Automation Protocol (SCAP): Helping Organizations Maintain and Verify the Security of their Information Systems, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906869 (Accessed February 25, 2024)
Created September 27, 2010, Updated February 19, 2017