SCAP stands for Security Content Automation Protocol. It uses specific standards to help organizations automate the way they monitor system vulnerabilities and make sure they're in compliance with security policies. SCAP scans compare the system you are scanning against a baseline (benchmark), which is an open security standard, to determine whether the system is compliant or non-compliant.

You load the benchmark files into the SCAP scanner, which allows the scan to match the system against known-good security standards. The DISA SCAP scanner is only available to those with a DoD CAC and can be downloaded from the DoD Cyber Exchange NIPR site. The SCAP benchmarks are available as ZIP downloads on this site as well. Tenable's tool Nessus also has a SCAP scan capability that covers a subset of the scans that the DISA SCAP Scanner can do.

The results of a SCAP scan can be exported as an XCCDF-format XML file and then imported into a checklist using a tool such as STIG Viewer or OpenRMF® OSS to create an actual checklist of findings. More information on the SCAP tools and using the benchmarks in the SCAP scan process can be found at.
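As an added example (not from the original post), the Python below reads an exported XCCDF result file, tallies the rule results and lists the failed rules by severity, which is the data a checklist import works from. The sample document, host name and rule ids are constructed; the namespace is stripped so XCCDF 1.1 and 1.2 exports are handled alike.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a minimal XCCDF 1.2 result document (ids are made up).
# For result files from an untrusted source, parse with defusedxml instead.
SAMPLE_XCCDF = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_sample">
  <TestResult id="xccdf_example_testresult_1">
    <target>host01.example.test</target>
    <rule-result idref="xccdf_example_rule_password_length" severity="medium">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_audit_logon" severity="high">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_banner" severity="low">
      <result>notapplicable</result>
    </rule-result>
    <rule-result idref="xccdf_example_rule_smb_signing" severity="medium">
      <result>fail</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

def local(tag):
    """Drop the '{namespace}' prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def summarize_xccdf(xml_text):
    """Return (target, Counter of result values, failed rules sorted by severity)."""
    root = ET.fromstring(xml_text)
    target, counts, failed = None, Counter(), []
    for elem in root.iter():
        name = local(elem.tag)
        if name == "target" and target is None:
            target = (elem.text or "").strip()
        elif name == "rule-result":
            result = next((c.text.strip() for c in elem
                           if local(c.tag) == "result" and c.text), "unknown")
            counts[result] += 1
            if result == "fail":
                failed.append((elem.get("severity", "unknown"), elem.get("idref")))
    order = {"high": 0, "medium": 1, "low": 2}  # most severe findings first
    failed.sort(key=lambda f: (order.get(f[0], 3), f[1]))
    return target, counts, failed

if __name__ == "__main__":
    print(summarize_xccdf(SAMPLE_XCCDF))
```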