Also found in: Financial, Acronyms, Wikipedia.


(Security Content Automation Protocol) A set of standards for sharing security data developed by the U.S. National Institute of Standards and Technology (NIST). First defined in April 2009 in NIST Interagency Report 7511, SCAP includes the following. For more information, visit

Extensible Configuration Checklist
Description Format (XCCDF)
An XML specification for structured collections of security configuration rules used by operating system and application platforms.

Open Vulnerability and Assessment Language (OVAL)
An XML specification for exchanging technical details about how to check systems for security-related software flaws, configuration issues and patches.

Common Configuration Enumeration (CCE)
A dictionary of software security configuration issues, such as access control settings and password policy settings.

Common Platform Enumeration (CPE)
A naming convention for hardware, OS and applications.

Common Vulnerabilities and Exposures (CVE)
A dictionary of publicly known security-related software flaws.

Common Vulnerability Scoring System (CVSS)
A method for classifying software flaws and assigning severity scores based on their characteristics.
Mentioned in ?
References in periodicals archive ?
Delivered as part of the Red Hat Enterprise Linux platform, OpenSCAP provides a library that can parse and evaluate each component of the SCAP standard.
When they added both the S1P inhibitor and a chemical that prevents SCAP from leaving the ER, SCAP reappeared.
SCAP is conducted in collaboration with the University of Cape Town, University of Botswana, University of Mauritius and the University of Namibia.
G and N [less than or equal to] H [less than or equal to] G, then H/N is an SCAP subgroup of G/N.
Following the release of the SCAP stress test results in the United States, critics attacked the economic presumptions of the scenarios.
Recommendation: To improve the department's implementation of FDCC, the Secretary of Energy should ensure all components that are required to implement FDCC have acquired and deployed a NIST-validated SCAP tool to monitor compliance with FDCC.
As an organization, SCAP took no specific position on economic planning.
SecureFusion was validated by the National Institute of Standards and Technology (NIST) for its SCAP and FDCC configuration and policy management capabilities, after rigorous laboratory testing.
SCAP support - Triumfant Compliance Manager supports Security Content Automation Protocol (SCAP) to enable automated vulnerability management, measurement, and policy compliance evaluation in accordance with NIST's FDCC standards for Microsoft Windows XP and Vista.
It also provides a comprehensive list of NIST's SCAP policies with more than 700 secure settings that directly map to industry regulations such as FDCC (Federal Desktop Core Configuration) and PCI DSS (Payment Card Industry Data Security Standard).
Topics include random testing of image processing applications, static slicing for pervasive programs, modularly certified dynamic storage allocation in SCAP, stochastic modeling of component-based systems, and formalizing class dynamic software updating.
SCAP enthusiasm for the remaking of Japan, the complete destruction of its military forces and the protection of its new "pacifist" constitution had started to wane, even by the late 40s, as communists took power in China.