Security Content Automation Protocol (SCAP) validated tools are software tools, especially vulnerability scanners, that comply with a defined set of standards for structured data that describes the security posture of an information system. The descriptions can include the system's hardware inventory, software inventory, system configurations, and applied or missing patches. The SCAP definition was implemented out of necessity to standardize reporting on information systems, so that software solutions could be developed to monitor and assess systems in a standard format, rather than having independent software developers implement proprietary/one-off solutions for reporting security content in support of risk management, vulnerability management, and accreditation decisions.
Applicability:
- SCAP validation ensures tools can structure and communicate security-related information in a standardized and open format.
- Relevant for vulnerability management and compliance scanning of information systems.
URL: NIST SCAP