Welcome to the Security Content Automation Protocol (SCAP) GitHub repository! This repository serves as a central location for tracking issues, sharing specifications, and documenting the standards related to SCAP, which provides a framework for automating security management, configuration assessments, and vulnerability detection.
The Security Content Automation Protocol (SCAP) is a suite of standards that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. Developed by NIST, SCAP enables both organizations and tools to enforce, assess, and report on IT security compliance more effectively.
SCAP consists of multiple component specifications that work together to standardize security configuration and vulnerability assessments:
For more detailed information on each component, see the NIST documentation on SCAP.
We welcome contributions! Please review the contribution guidelines in CONTRIBUTING.md for details on how to contribute to SCAP specifications, report issues, or add new examples. This repository follows the NIST SCAP guidelines and validation requirements, so please ensure contributions align with these standards.
To start using SCAP:
- Specifications directory.
- Examples to see how SCAP configurations work in practice.
This repository is maintained by contributors in the security automation community. Please reach out with questions or for support using SCAP.
This repository follows NIST’s Public Domain Dedication License, unless otherwise noted.