The National Institute of Standards and Technology recently released four new publications (embedded below) that detail specifications used by the latest version of Security Content Automation Protocol (SCAP).
“A primary goal of automated security in a large organization’s computer environment is to make sure everything is configured securely as required by management, and that all patches are applied to eliminate known vulnerabilities,” said computer scientist David Waltermire. SCAP-enabled tools can scan computer systems to reveal software vulnerabilities and security configuration problems to be corrected.
A new publication announcing SCAP Version 1.2 is expected to be published soon.
Common Platform Enumeration: Naming Specification Version 2.3
Common Platform Enumeration: Name Matching Specification Version 2.3
Common Platform Enumeration: Dictionary Specification Version 2.3 (NISTIR 7697)
Common Platform Enumeration: Applicability Language Specification Version 2.3 (NISTIR 7698)
