SCAP (Security Content Automation Protocol) is a specification for expressing and manipulating security data in standardized ways. SCAP uses several specific standards in concert to enable automated vulnerability management, measurement, and policy compliance evaluation. The SCAP version allows the versions of the SCAP component standards to be referred to as a collection.
Specification: http://scap.nist.gov/
SCAP 1.0 policies are compliant with SCAP Version 1.0. Tell me moreTell me more
SCAP 1.0 components include: CCE, CPE, CVE, CVSS, OVAL and XCCDF.
SCAP 1.2 policies are compliant with SCAP Version 1.2. Tell me moreTell me more
SCAP 1.2 components include: CCE, CPE, CVE, CCSS CVSS, OCIL, OVAL, XCCDF, Asset Identification, ARF (Asset Reporting Format), and TMSAD (Trust Model for Security Automation Data).