Security Content Automation Protocol (SCAP) is a multi-purpose framework of specifications that supports automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement.
OpenSCAP has received a NIST certification for its support of SCAP 1.2.
The SCAP components are designed to work together toward a common goal. For each component, the standard defines a document format with the syntax and semantics of its internal data structures. OpenSCAP also contains its own extensions that are interoperable with SCAP.
The OpenSCAP team puts great emphasis on following standards. We feel that it is the only way to succeed in today’s highly fragmented world.
OpenSCAP has always had close ties to the SCAP line of standards. Our base project started in 2008 as an open source implementation of the SCAP standard. Five years later, when OpenSCAP 1.0 was awarded the NIST SCAP 1.2 certification, the team felt personally appreciated for its long-standing efforts to follow the standard closely.
Over time, the OpenSCAP team has contributed to new versions of the standard. We work with NIST and MITRE Corporation, and we help them understand the auditing needs of today’s Linux systems. For many years, OpenSCAP has held a seat on the OVAL board.