This bulletin summarizes the information presented in NIST Special Publication (SP) 800-117, Guide To Adopting and Using the Security Content Automation Protocol (SCAP), Version 1.0: Recommendations of the National Institute of Standards and Technology. The publication, which was written by Stephen Quinn, Karen Scarfone, and Chris Johnson of NIST, and by Matthew Barrett of G2, discusses the development of SCAP and why it was created, the current components of SCAP, and the product validation and laboratory accreditation programs that support SCAP. The bulletin summarizes the general information about SCAP and provides NIST's recommendations to organizations about using SCAP to verify that their technical security controls comply with requirements and to communicate information regarding vulnerabilities in a standardized manner. The bulletin provides information about NIST resources that are available to support organizations that are using SCAP and vendors that are implementing SCAP capabilities into their products and services.
Keywords
configuration settings; Federal Information Security Management Act (FISMA); information security; information systems security; interoperability; product validation; security checklists; security configurations; Security Content Automation Protocol; security management; security controls; software flaws; software patches; system vulnerabilities