Publications
This draft has been retired (April 26, 2019).
Further development of this specific document was discontinued.
Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Documentation
Topics
Date Published: January 2012
Planning Note (4/26/2019):
Work on this document has been discontinued.
Author(s)
Stephen Quinn (NIST), Karen Scarfone (Scarfone Cybersecurity), David Waltermire (NIST)
The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP) version 1.2. This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and service vendors how they can adopt SCAP version 1.2 capabilities within their offerings. The intended audience for this document is individuals who have responsibilities for maintaining or verifying the security of systems in operational environments.
The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP) version 1.2. This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and...
See full abstract
The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP) version 1.2. This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and service vendors how they can adopt SCAP version 1.2 capabilities within their offerings. The intended audience for this document is individuals who have responsibilities for maintaining or verifying the security of systems in operational environments.
Hide full abstract
Keywords
Security Content Automation Protocol (SCAP); security configuration management; security automation; vulnerability management
Control Families
Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
