Security Content Automation Protocol (SCAP)

What atsec offers
The Information Security Automation Program (ISAP) is a U.S. government initiative to enable automation and standardization of technical security operations. The Security Content Automation Protocol (SCAP) combines a number of open standards used to enumerate software flaws and configuration issues related to security. atsec information security is an accredited testing laboratory under NVLAP (National Voluntary Laboratory Accreditation Program). We have extensive expertise in testing, evaluation and validation support of software and hardware products. We offer:

  • Formal laboratory conformance testing using NIST test suites
  • Consultation about SCAP requirements
  • Assessment of test readiness
  • Verification that an application does not change any SCAP relevant settings
  • Support for NIST validation of SCAP testing

Why our services are important to you
The Office of Management and Budget (OMB) requires the use of SCAP validated scanners for the automation of federal desktop configuration management and compliance verification. Agencies and other organizations can automate much of their FISMA technical security control compliance activities by regularly scanning information technology assets using SCAP checklists.