The Security Content Automation Protocol (SCAP) is a combination of interoperable specifications for organizing and expressing security information in standardized ways. The SCAP specifications are open standards developed from community participation including government organizations as well as non-profit organizations and businesses in the private sector. The open standards allow regulatory authorities and security administrators to construct guidance, which is encapsulated in the format prescribed by the specifications. The SCAP application imports the guidance in the form of a SCAP policy files and evaluates hosts against the guidance using its automated scanning and reporting features.
The SCAP application validates SCAP content as part of the SCAP policy import process and references are provided in the user interface, reports and export files.
Interested in finding out more? See Statement of SCAP Compliance