You may have never heard of them but Security Content Automation Protocol (SCAP)-enabled tools are the next big thing in vulnerability management and security configuration control. SCAP was started by the National Institute of Standards and Technology (NIST) and its partners in industry.
SCAP primarily consists of NIST-hosted SCAP checklists which are hardened configurations of operating systems and/or applications. The SCAP checklist contains what NIST and its partners have determined to be "secure" configurations of OSes and applications.
The SCAP checklist content can be loaded into SCAP-enabled scanning tools that can scan computers using the checklist as a baseline to compare the system being scanned. The SCAP scan can reveal if there are any settings or patches on the target system that are not up to the SCAP checklist standard.
There are many SCAP-enabled scanning tools available both open source and commercial. These tools range tools for testing individual PCs to enterprise level tools capable of scanning thousands of systems at a time.
This page is intended to be a jumping off point into the world of SCAP. Pleas start your journey by checking out the SCAP resources below:
SCAP BasicsWhat is SCAP?
NIST's SCAP Main Page
SCAP Community Page
NIST SCAP Tools Page
SCAP Checklist ContentNIST SCAP Checklist Repository
Windows 7 Firewall SCAP Content
Windows Vista SCAP Content
SCAP Scanning ToolsSCAP Validation Tools List
Open Scap (open source)