U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

security content automation protocol (SCAP)

Definition(s):

  A suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. Note: There are six individual specifications incorporated into SCAP: CVE (common vulnerabilities and exposures); CCE (common configuration enumeration); CPE (common platform enumeration); CVSS (common vulnerability scoring system); OVAL (open vulnerability assessment language); and XCCDF (eXtensible configuration checklist description format).
Source(s):
CNSSI 4009-2015 from NIST SP 800-126 Rev. 2

  A suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.
Source(s):
NIST SP 800-126 Rev. 2 under Security Content Automation Protocol (SCAP)
NIST SP 800-126 Rev. 3 under Security Content Automation Protocol (SCAP)

  A protocol currently consisting of a suite of seven specifications that standardize the format and nomenclature by which security software communicates information about software flaws and security configurations.
Source(s):
NIST SP 800-128 under Security Content Automation Protocol (SCAP)
NIST SP 800-128