You'll need a SCAP policy in order to evaluate hosts for SCAP compliance. You can get a policy quickly by importing one from our library. These policies are compliant with the NIST standards.
Tell me about user permissions
The SCAP application must be enabled for the subscription. Managers and Auditors have permissions to create and edit SCAP policies.
Go to PC > Policies and select New > Import SCAP Policy. Click Import for the policy you want. Be sure to assign relevant hosts (for example assign Windows 7 hosts to a Windows 7 policy). Tip - You must assign at least one asset group to the policy in order to scan it.
Tell me about SCAP content
SCAP content is compliant with SCAP 1.0 and 1.2 specifications defined by NIST.
SCAP 1.1/1.0 content consists of these files: XCCDF Content, CPE OVAL Definitions, CPE 2.0 Dictionary, OVAL Compliance Definitions. This file is optional: OVAL Patch Definitions.
SCAP 1.2 content consists of a single file: SCAP source data stream.
Is my new policy ready to use?
Once your policy is in your list and you've assigned assets to it, you're ready to start scanning. You'll notice when you launch a SCAP scan, you can select the policy from the SCAP Policy menu. To get information on your policy, hover over the policy and select Info from the Quick Actions menu.
Can I create my own policies?
Yes. You can create custom SCAP policies by uploading your own SCAP content. Learn more
Where can I see the published date for SCAP content?
Select a policy on your policies list and check out the preview pane. You'll see the generated date (when the content was originally created/officially published) and the last updated date (when the policy was created/modified).