How can I use SCAP to meet the intention of the OMB memo?
The SCAP site hosts XML files in SCAP format for various operating systems and applications. NIST, in conjunction with industry and agency partners, is translating some commonly used security checklists located on the NIST checklist Web site into SCAP-formatted XML for use by automated tools. Specific to the OMB memo, the SCAP site provides content for automatically determining if systems under test are configured according to the recommend guidance for Windows XP and Windows Vista. After ensuring the system is configured correctly, the agency can test to ensure that additional applications function correctly and do not change the baseline settings. This will help the agency to identify adverse effects on system functionality before deployment. The SCAP web site also hosts content for assessing Office 2007, Symantec AntiVirus, and Internet Explorer 7.0. The SCAP content is located at http://nvd.nist.gov/ncp.cfm?scap. There are automated tools that can process the SCAP content for these