The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines. We maintain great flexibility and interoperability, reducing costs of performing security audits.

Security Policies

The OpenSCAP project provides a wide variety of hardening guides and configuration baselines developed by the open source community, ensuring that you can choose a security policy which best suits the needs of your organization, regardless of its size.


SCAP is a U.S. standard maintained by the National Institute of Standards and Technology (NIST). The OpenSCAP project is an open source collection of tools for implementing and enforcing this standard, and was awarded the SCAP 1.2 certification by NIST in 2014.

Security compliance

Security compliance is a state where computer systems are in line with a specific security policy.

In the ever-changing world of computer security where new vulnerabilities are being discovered and patched every day, enforcing security compliance must be a continuous process. It also needs to include a way to make adjustments to policies, as well as periodic assessment and risk monitoring. The OpenSCAP ecosystem provides tools and customizable policies for a quick, cost-effective and flexible implementation of such a process.

Vulnerability assessment

Vulnerability assessment is a process that identifies and classifies vulnerabilities on a system.

Leaving your systems with unpatched vulnerabilities can have a number of consequences, ranging from embarrassment to heavy damage when such a vulnerability is exploited by an attacker. A timely inspection of software inventory that identifies such vulnerabilities is a must for any organization in the 21st century, and the OpenSCAP project provides tools for automated vulnerability checking, allowing you to take steps to prevent attacks before they happen.


Government Users

Government agencies and their contractors are often required by law to implement certain cybersecurity programs and policies. For example, under the U.S. Federal Information Security Management Act (FISMA), government agencies are required to implement SCAP protection, and similar laws apply in many other countries as well. OpenSCAP provides an efficient and cost-effective way of implementing these requirements mandated by law.


Corporations and E-commerce

Businesses, no matter their size, are increasingly concerned with information security due to a growing number of data breaches and other security-related incidents. We understand that each business is different and has different data to protect. The OpenSCAP project offers flexibility and allows businesses to leverage years of government experience in computer security.

Open Source Community

We believe that security is best done in the open. Open source development results in more scrutiny and allows community members to contribute without being held back by red tape, patents and secrets. That is why all the projects under the OpenSCAP umbrella are 100% open source.