usnistgov / SCAP

The repository will be used to track issues and post specifications related to the Security Automation Protocol (SCAP).
1 stars 0 forks source link

Security Content Automation Protocol (SCAP) Repository

Welcome to the Security Content Automation Protocol (SCAP) GitHub repository! This repository serves as a central location for tracking issues, sharing specifications, and documenting the standards related to SCAP, which provides a framework for automating security management, configuration assessments, and vulnerability detection.

About SCAP

The Security Content Automation Protocol (SCAP) is a suite of standards that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. Developed by NIST, SCAP enables both organizations and tools to enforce, assess, and report on IT security compliance more effectively.

Key SCAP Components

SCAP consists of multiple component specifications that work together to standardize security configuration and vulnerability assessments:

For more detailed information on each component, see the NIST documentation on SCAP.

Repository Structure

Contributing

We welcome contributions! Please review the contribution guidelines in CONTRIBUTING.md for details on how to contribute to SCAP specifications, report issues, or add new examples. This repository follows the NIST SCAP guidelines and validation requirements, so please ensure contributions align with these standards.

Getting Started

To start using SCAP:

  1. Review the component specifications in the Specifications directory.
  2. Experiment with the Examples to see how SCAP configurations work in practice.
  3. Post any issues or feedback you have using the Issues tab.

Resources


This repository is maintained by contributors in the security automation community. Please reach out with questions or for support using SCAP.

License

This repository follows NIST’s Public Domain Dedication License, unless otherwise noted.