All
All

Guide to Adopting and Using the Security Content Automation Protocol

270 KB | 3 files |  DOC, PDF

SCAP has been developed to help provide a comprehensive, standardized approach to overcoming these challenges of standardizing system security measurement and responses. This overview will help your team get started.

Managing the security of systems throughout an enterprise is challenging for several reasons. Most organizations have many systems to patch and configure securely, with numerous pieces of software (operating systems and applications) to be secured on each system. This is extremely time-consuming and error-prone because there has been no standardized, automated way of securing software. Organizations also need to periodically verify the security of each system, which is also much more difficult to do without standardized, automated checking tools. Further complicating system security management is the need to respond appropriately to new vulnerabilities and threats, prioritizing them so the most significant ones can be addressed sooner.

Organizations need a comprehensive, standardized approach to overcoming these challenges, and the Security Content Automation Protocol (SCAP) has been developed to help provide such an approach. SCAP comprises a suite of specifications for organizing and expressing security-related information in standardized ways, as well as related reference data, such as identifiers for software flaws and security configuration issues. SCAP can be used for maintaining the security of enterprise systems, such as automatically verifying the installation of patches, checking system security configuration settings, and examining systems for signs of compromise.

This document defines SCAP and the component specifications that comprise it. It describes common uses of SCAP and makes recommendations for SCAP users. The document also provides insights to IT product and service vendors about adopting SCAP in their offerings. SCAP does not replace existing security software; rather, support for it can be embedded into existing software.

This ZIP file incluses:

  • Guide to Adopting and Using the Security Content Autmation Protocol
  • Cover Sheet and Terms
  • Intro Page
IT Downloads help you save time and money while executing essential IT management tasks. Download this useful resource now and put it to work for your business.

This Download is provided by:

Partner logo

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

All IT Downloads from National Institute of Standards and Technology» | Visit National Institute of Standards and Technology »
Related IT Downloads

IT_Man31 Microsoft SharePoint 2013 Cheat Sheet

This SharePoint 2013 Cheat Sheet covers program fundamentals, as well as tips on managing documents, accessing wikis and blogs, and task management. ...  More >>

Infra4 Screening for Factors Affecting Application Performance in Profiling Measurements

This report provides an example application of screening techniques in experimental computer science, including validation and selection of metrics and measures, the screening experiment itself, and supporting statistical methods. ...  More >>

Infra29 Microsoft Word 2013 Cheat Sheet

This Word 2013 Cheat Sheet from CustomGuide covers program fundamentals, as well as essential keyboard shortcuts for navigation, editing and formatting. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date