Saturday 22 February 2014

What is SCAP?

Definition

  • SCAP stands for "Security Content Automation Protocol". It is a set of accepted standards used to enable automated vulnerability management and security policy compliance metrics.
  • SCAP allows security administrators to scan computers, software, and other devices against a security baseline and determine whether they conform to the standard.
  • The NVD (National Vulnerability Database) is the U.S. government content repository for SCAP.
  • SCAP has two components:
    1. SCAP Scanners

      • A SCAP scanner is a tool that compares a target computer's or application's configuration or patch level against that of the SCAP content baseline.
      • Some SCAP scanners can also remediate the target computer and bring it into compliance with the standard baseline.
      • Many commercial and open-source SCAP scanners are available. Some are for enterprise-level scanning and some for individual PC use.

    2. SCAP Content:

      • SCAP content modules are made freely available by NIST (National Institute of Standards and Technology).
      • Content modules are made from "secure" configurations that are agreed upon by NIST and its SCAP partners.
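
To make the scanner's "compare against the baseline" step and the resulting compliance metric concrete, here is an added example (not from the original post) that summarises a scanner result file written in XCCDF 1.2, one of the SCAP component specifications. The sample document, host name and rule ids are constructed, and the pass-rate formula is a simplifying assumption rather than one of XCCDF's own scoring models.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}  # XCCDF 1.2 namespace

# Constructed sample scanner output; host and rule ids are made up.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <TestResult id="xccdf_org.example_testresult_demo">
    <target>host01.example</target>
    <rule-result idref="xccdf_org.example_rule_password_min_length"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_ssh_root_login_disabled"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_firewall_enabled"><result>fixed</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_auditd_running"><result>notapplicable</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_telnet_removed"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.example_rule_bootloader_password"><result>error</result></rule-result>
  </TestResult>
</Benchmark>"""

COMPLIANT = {"pass", "fixed"}        # "fixed": failed, then remediated by the scanner
INCONCLUSIVE = {"error", "unknown"}  # the check could not produce a verdict

def summarize(xml_text):
    """Summarise one XCCDF TestResult: counts, failing rules, simple pass rate."""
    root = ET.fromstring(xml_text)
    test_result = root if root.tag.endswith("}TestResult") else root.find(".//x:TestResult", NS)
    if test_result is None:
        raise ValueError("no XCCDF 1.2 TestResult element found")
    counts, failing, inconclusive = Counter(), [], []
    for rr in test_result.findall("x:rule-result", NS):
        verdict = (rr.findtext("x:result", default="unknown", namespaces=NS) or "unknown").strip()
        counts[verdict] += 1
        if verdict == "fail":
            failing.append(rr.get("idref"))
        elif verdict in INCONCLUSIVE:
            inconclusive.append(rr.get("idref"))
    compliant = sum(counts[v] for v in COMPLIANT)
    evaluated = compliant + counts["fail"]  # notapplicable/notselected etc. are excluded
    return {
        "target": test_result.findtext("x:target", default="", namespaces=NS),
        "counts": dict(counts),
        "failing": failing,
        "inconclusive": inconclusive,
        # Assumption: plain pass rate, not one of XCCDF's weighted scoring models.
        "pass_rate": round(100.0 * compliant / evaluated, 1) if evaluated else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Rules reported as error or unknown are listed separately instead of being counted as passes, so a scan that could not run its checks does not look compliant.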
