eEye Security Content Automation Protocol (SCAP)
About SCAP
The U.S. National Institute of Standards and Technology (NIST) has created a standard around how computers communicate vulnerability information and the content of that information via the Security Content Automation Protocol (SCAP). SCAP is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP
The primary vulnerability management goals of SCAP are to automate compliance, manage vulnerabilities, perform security measurements, and evaluate policy compliance for standards such as FISMA.
More detailed information regarding SCAP can be found at http://nvd.nist.gov/scap/scap.cfm
Compliance with Security Content Automation Protocol (SCAP)
eEye Digital Security developers are building SCAP-compliance into eEye Digital Security products. Currently eEye supports FDCC scanning functionality and is pursuing FDCC Certification as a part of SCAP compliance.
