Definition: SCAP

(Security Content Automation Protocol) A set of standards for sharing security data developed by the U.S. National Institute of Standards and Technology (NIST). First defined in April 2009 in NIST Interagency Report 7511, SCAP includes the following. For more information, visit http://scap.nist.gov.

Extensible Configuration Checklist
Description Format (XCCDF)
An XML specification for structured collections of security configuration rules used by operating system and application platforms.

Open Vulnerability and Assessment Language (OVAL)
An XML specification for exchanging technical details about how to check systems for security-related software flaws, configuration issues and patches.

Common Configuration Enumeration (CCE)
A dictionary of software security configuration issues, such as access control settings and password policy settings.

Common Platform Enumeration (CPE)
A naming convention for hardware, OS and applications.

Common Vulnerabilities and Exposures (CVE)
A dictionary of publicly known security-related software flaws.

Common Vulnerability Scoring System (CVSS)
A method for classifying software flaws and assigning severity scores based on their characteristics.