Security Content Automation Protocol (SCAP) Tools

The big thing in vulnerability management

You may never have heard of them, but Security Content Automation Protocol (SCAP)-enabled tools are the next big thing in vulnerability management and security configuration control. SCAP was started by the National Institute of Standards and Technology (NIST) and its partners in industry.

SCAP primarily consists of NIST-hosted SCAP checklists, which are hardened configurations of operating systems and/or applications. The SCAP checklist contains what NIST and its partners have determined to be "secure" configurations of OSes and applications.

The SCAP checklist content can be loaded into SCAP-enabled scanning tools, which scan computers using the checklist as the baseline against which the system being scanned is compared. The SCAP scan can reveal whether any settings or patches on the target system are not up to the SCAP checklist standard.

There are many SCAP-enabled scanning tools available, both open source and commercial. These range from tools for testing individual PCs to enterprise-level tools capable of scanning thousands of systems at a time.

This page is intended to be a jumping-off point into the world of SCAP. Please start your journey by checking out the SCAP resources below:

SCAP Basics


SCAP Checklist Content


SCAP Scanning Tools