2.1 What is SCAP?

Security Content Automation Protocol (SCAP) is a suite of open specifications, developed jointly by the U.S. government (NIST) and the private sector, that standardize the format of the content used to assess and report on the security configuration of computer systems. SCAP 1.0 comprised six component specifications: the Extensible Configuration Checklist Description Format (XCCDF) for expressing checklists, the Open Vulnerability and Assessment Language (OVAL) for the machine-readable checks, and the Common Configuration Enumeration (CCE), Common Platform Enumeration (CPE), Common Vulnerabilities and Exposures (CVE), and Common Vulnerability Scoring System (CVSS) naming and scoring schemes; later SCAP versions added further components. This common standard gives regulatory authorities and configuration managers a consistent way to author definitive security configuration guidance. SCAP content exists for platforms such as Windows, UNIX, and Internet Explorer. The checklist itself (its rules, groups, and profiles) is expressed in XCCDF, and each rule typically references OVAL definitions that perform the actual checks.

The SCAP Module enables you to import properly formatted XCCDF content and use it in Secure Configuration Manager as policy templates. For example, you can download XCCDF content from the National Checklist Program repository on the National Institute of Standards and Technology (NIST) website. Because imported content defines what the product reports as compliant, obtain it only from a trusted source such as NIST, verify it against the publisher's checksum or signature where one is provided, and review which profile and which rules the content selects before you apply it as a policy template.
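The following Python example, added here and not code from the SCAP Module, NIST, or Secure Configuration Manager, shows what an XCCDF checklist looks like from the inside and how to check imported content before using it as a policy template: it parses a small XCCDF 1.2 benchmark, applies a profile's select overrides on top of the default selected state of rules and groups, and reports rules that the profile references but the benchmark does not define, as well as selected rules that carry no automated (OVAL) check. The embedded benchmark is constructed for illustration; its identifiers, the `demo-oval.xml` reference, and the `oval:org.example:def:*` names are placeholders, not published checklist content.

```python
"""Parse a small XCCDF 1.2 benchmark and resolve which rules a profile selects.
Added example, not code from the SCAP Module or NIST; the benchmark below is
constructed, and its ids and OVAL references are placeholders."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace
NS = {"x": XCCDF_NS}
OVAL_SYS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

# Constructed sample; ids follow the xccdf_<reverse-DNS>_<type>_<name> convention.
SAMPLE_XCCDF = """<Benchmark xmlns="%s" id="xccdf_org.example_benchmark_demo">
  <status date="2024-01-01">draft</status>
  <title>Constructed demo benchmark</title>
  <Profile id="xccdf_org.example_profile_baseline">
    <title>Baseline</title>
    <select idref="xccdf_org.example_rule_telnet" selected="false"/>
    <select idref="xccdf_org.example_rule_audit_logging" selected="true"/>
    <select idref="xccdf_org.example_rule_missing" selected="true"/>
  </Profile>
  <Group id="xccdf_org.example_group_services">
    <title>Network services</title>
    <Rule id="xccdf_org.example_rule_telnet" severity="high">
      <title>Telnet service must be disabled</title>
      <check system="%s"><check-content-ref href="demo-oval.xml" name="oval:org.example:def:1"/></check>
    </Rule>
    <Rule id="xccdf_org.example_rule_audit_logging" severity="medium" selected="false">
      <title>Audit logging must be enabled</title>
      <check system="%s"><check-content-ref href="demo-oval.xml" name="oval:org.example:def:2"/></check>
    </Rule>
    <Rule id="xccdf_org.example_rule_password_length" severity="medium">
      <title>Minimum password length must be 14 characters</title>
    </Rule>
  </Group>
  <Group id="xccdf_org.example_group_legacy" selected="false">
    <title>Legacy protocols</title>
    <Rule id="xccdf_org.example_rule_smbv1" severity="high">
      <title>SMBv1 must be disabled</title>
    </Rule>
  </Group>
</Benchmark>""" % (XCCDF_NS, OVAL_SYS, OVAL_SYS)

@dataclass
class Rule:
    id: str
    severity: str             # XCCDF defaults a missing @severity to "unknown"
    selected: bool            # the Rule's own @selected; XCCDF defaults it to true
    groups: List[str]         # enclosing Group ids, outermost first
    check_ref: Optional[str]  # OVAL definition named by check-content-ref, if any

@dataclass
class Benchmark:
    id: str
    rules: Dict[str, Rule]                # document order
    groups: Dict[str, bool]               # Group id -> its own @selected
    profiles: Dict[str, Dict[str, bool]]  # Profile id -> {idref: selected}

def _flag(value: Optional[str], default: bool = True) -> bool:
    # XCCDF boolean attribute; absent means the schema default.
    return default if value is None else value.strip().lower() in ("true", "1")

def parse_benchmark(xml_text: str) -> Benchmark:
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Benchmark" % XCCDF_NS:
        raise ValueError("root element is not an XCCDF 1.2 Benchmark: %s" % root.tag)
    bm = Benchmark(root.get("id", ""), {}, {}, {})
    def walk(elem: ET.Element, ancestors: List[str]) -> None:
        # Groups nest; a Rule inherits the selection state of every enclosing Group.
        for child in elem:
            if child.tag == "{%s}Group" % XCCDF_NS:
                gid = child.get("id", "")
                bm.groups[gid] = _flag(child.get("selected"))
                walk(child, ancestors + [gid])
            elif child.tag == "{%s}Rule" % XCCDF_NS:
                ref = child.find("x:check/x:check-content-ref", NS)
                rid = child.get("id", "")
                bm.rules[rid] = Rule(rid, child.get("severity", "unknown"),
                                     _flag(child.get("selected")), list(ancestors),
                                     None if ref is None else ref.get("name"))
    walk(root, [])
    for prof in root.findall("x:Profile", NS):
        # A Profile's <select> elements override the default @selected of Rules and Groups.
        bm.profiles[prof.get("id", "")] = {s.get("idref", ""): _flag(s.get("selected"))
                                           for s in prof.findall("x:select", NS)}
    return bm

def resolve_profile(bm: Benchmark, profile_id: str) -> Tuple[List[str], List[str], List[str]]:
    """Return (selected rule ids, unknown <select> idrefs, selected rules with no check)."""
    if profile_id not in bm.profiles:
        raise KeyError("no such profile: %s" % profile_id)
    overrides = bm.profiles[profile_id]
    unknown = [i for i in overrides if i not in bm.rules and i not in bm.groups]
    selected, no_check = [], []
    for rule in bm.rules.values():
        # In effect only if the rule and every enclosing group are selected after overrides.
        groups_on = all(overrides.get(g, bm.groups[g]) for g in rule.groups)
        if groups_on and overrides.get(rule.id, rule.selected):
            selected.append(rule.id)
            if rule.check_ref is None:
                no_check.append(rule.id)   # nothing automated backs this rule
    return selected, unknown, no_check
```

Calling `resolve_profile(parse_benchmark(SAMPLE_XCCDF), "xccdf_org.example_profile_baseline")` on the sample yields the audit-logging and password-length rules as selected: the telnet rule is deselected by the profile, the SMBv1 rule is dropped because its enclosing group is deselected, the password-length rule is flagged as having no automated check, and the dangling `xccdf_org.example_rule_missing` reference is reported as unknown. Real benchmarks also use `refine-value` and `set-value` in profiles and may reference OVAL content through external files, which this example does not resolve.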

NIST, together with the National Security Agency, established the National Information Assurance Partnership (NIAP), which runs the U.S. Common Criteria evaluation program. At the heart of the Common Criteria is the protection profile: an implementation-independent statement of the security requirements that a class of product must satisfy against a defined set of threats. Whereas those evaluation efforts were rooted in the traditional approach of assessing a product against a list of known threats and vulnerabilities, NIST has since placed renewed focus on a "gold standard" configuration for systems deployed within the federal government. The Federal Desktop Core Configuration (FDCC) established a single baseline configuration for Windows XP and Windows Vista systems, derived from the standard desktop configuration that the United States Air Force had adopted with substantial cost savings. The United States Government Configuration Baseline (USGCB) evolved from FDCC and applies to a wider variety of computing platforms, including later Windows versions and Red Hat Enterprise Linux desktop systems.