Issue No.01 - Jan.-Feb. (2011 vol.13)
Shirley Radack , National Institute of Standards and Technology
Rick Kuhn , National Institute of Standards and Technology
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2011.11
Most organizations have an extensive set of security requirements, established for commercial firms through complex interactions of business goals, government regulations, and insurance requirements. Meeting these requirements has been time consuming and error prone, because there haven't been standardized, automated ways of performing all of the tasks and reporting on results. Another obstacle has been the lack of interoperability across security tools. To overcome these deficiencies and reduce security administration costs, the National Institute of Standards and Technology developed the Security Content Automation Protocol (SCAP).
Security Content Automation Protocol, SCAP, standards, information technology
Shirley Radack, Rick Kuhn, "Managing Security: The Security Content Automation Protocol", IT Professional, vol.13, no. 1, pp. 9-11, Jan.-Feb. 2011, doi:10.1109/MITP.2011.11