SCAP Glossary

Selected acronyms and abbreviations related to SCAP compliance are provided below.

ARF Asset Reporting Format

CCE Common Configuration Enumeration

CCSS Common Configuration Scoring System

CPE Common Platform Enumeration

CVE Common Vulnerabilities and Exposures

CVSS Common Vulnerability Scoring System

FDCC Federal Desktop Core Configuration

FIRST Forum of Incident Response and Security Teams

NIST National Institute of Standards and Technology

NVD National Vulnerability Database

OCIL Open Checklist Interactive Language

OVAL Open Vulnerability and Assessment Language

SCAP Security Content Automation Protocol

TMSAD Trust Model for Security Automation Data

XCCDF Extensible Configuration Checklist Document Format