Home Features SCAP Standards

It’s not always easy to push yourself.
That is why we have standards.


SCAP Standards

SCAP Standard

Security Content Automation Protocol (SCAP) is a multi-purpose framework of specifications that supports automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement.

OpenSCAP has received a NIST certification for its support of SCAP 1.2.

SCAP components

SCAP Components

The components are designed to work together for a common goal. For each component the standard defines a document format with syntax and semantics of its internal data structures. OpenSCAP also contains its own extensions interoperable with SCAP.

Other standards

Other Standards      

Our focus on SCAP doesn’t mean we ignore other security related standards. Some of them can be used next to SCAP, some are orthogonal to it.

What standards mean for us

The OpenSCAP team puts great emphasis on following standards. We feel that it is the only way to succeed in today’s highly fragmented world.

OpenSCAP has always had tight bounds to the SCAP line of standards. Our base project started in 2008 as an open source implementation of the SCAP standard. Five years later, when OpenSCAP 1.0 has been awarded the NIST SCAP 1.2 certification, the team felt personally appreciated for the long-standing efforts to follow the standard closely.

Over time, the OpenSCAP team has contributed to new versions of the standard. We work with NIST and MITRE Corporation and we help them understand auditing needs of today’s Linux system. For many years, OpenSCAP has been holding a seat on the OVAL board.