Home Security Policies Choosing Policy Government

SCAP is the security compliance tool of choice for federal agencies and government contractors.

Government Image


Being a NIST standard, SCAP was born inside the US government. In may ways it caters to the needs of federal agencies and government contractors — security policies that are mandatory for them are most often expressed in SCAP form.

Let us go over a few typical government security policies that SCAP can help you with.


The United States Government Configuration Baseline (USGCB) creates security configuration baselines for IT products widely deployed across the federal agencies. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain an effective configuration settings focusing primarily on security.

The SCAP Security Guide project gives you a head-start with its USGCB profile for Red Hat Enterprise Linux 6. You can use this profile to automatically configure many server settings, so that you can focus on the rules that cannot be automated.


Security Technical Implementation Guides (STIGs) by The United States Department of Defense specify how government computers are to be configured and managed.

The relationship and impact of information security to economics have been subject to deep research for more than a decade [1] [2]

  • FedRAMP
  • ENISA, The Cybersecurity Strategy for the European Union