SCAP (Security Content Automation Protocol) is a NIST standard for automated vulnerability/compliance checking using standardized formats (XCCDF for checklists, OVAL for vulnerability definitions).
SCAP enables automated compliance scanning against CIS Benchmarks and DISA STIGs. Tools: OpenSCAP, Nessus, RHEL Compliance. STIGs (Security Technical Implementation Guides) are DoD-specific hardening checklists in SCAP format.