How does SCAP help with FISMA compliance and with complying to other mandates?
Security Content Automation Protocol (SCAP) checklists standardize and enable automation of the linkage between computer security configurations and the NIST Special Publication 800-53 Revision 1 (SP 800-53 Rev1) controls framework. The current version of SCAP is meant to perform initial measurement and continuous monitoring of security settings and corresponding SP 800-53 Rev1 controls. Future versions will likely standardize and enable automation for implementing and changing security settings of corresponding SP 800-53 Rev1 controls. In this way, SCAP contributes to the implementation, assessment, and monitoring steps of the NIST Risk Management Framework. Accordingly, SCAP is an integral part of the NIST FISMA implementation project.
Related Questions
- How can agencies use Security Content Automation Protocol (SCAP) USGCB content to automate FISMA compliance of technical controls?
- How can agencies use Security Content Automation Protocol (SCAP) FDCC content to automate FISMA compliance of technical controls?
- How can agencies use SCAP FDCC content to automate FISMA compliance of technical controls?