The US National Institute of Standards and Technology (NIST) has issued a draft publication for public comment describing a new method to automate the task of verifying computer security settings. Known as the Security Content Automation Protocol (SCAP), the specification has recently been incorporated into software scanners for checking security settings in federal computers.

The new publication provides an overview of SCAP, discusses programs for ensuring that products implement SCAP properly and recommends how federal agencies and other organizations can use SCAP effectively.

NIST requests comments on the new publication, 800-117, ‘Guide to Adopting and Using the Security Content Automation Protocol (SCAP).’ It can be obtained at http://csrc.nist.gov/publications/drafts/800-117/draft-sp800-117.pdf. Email comments to 800-117comments@nist.gov by Friday, June 12, 2009.

•Date: 8th May 2009• Region: US/World •Type: Article •Topic: IT continuity
Rate this article or make a comment - click here