The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance).
In this talk, we'll introduce SCAP and the standards behind it, with a focus on the configuration checklist format (XCCDF) and automated checking (via OVAL).
We'll explain how SCAP XML files can be used either to produce plain documentation or to evaluate your systems (and even generate remediation scripts for them) using OpenSCAP.
Finally, we'll review a few configuration checklists and automated checks.
URLs:
http://en.wikipedia.org/wiki/Security_Content_Automation_Protocol
http://scap.nist.gov
http://www.open-scap.org