The Security Content Automation Protocol (SCAP) version 2 (v2) automates endpoint posture information collection and the incorporation of that information into network defense capabilities using standardized protocols. SCAP v2 expands the endpoint types supported by SCAP v1 through the explicit inclusion of network equipment, Internet of Things (IoT), and mobile devices in its scope. To automate self-reporting of posture information from endpoint machines, SCAP v2 will integrate with existing network management protocols that include the Internet Engineering Task Force (IETF) Network Endpoint Assessment (NEA) protocols. SCAP v2 will streamline SCAP content acquisition and reuse through its use of the IETF Resource Oriented Lightweight Information Exchange (ROLIE) protocol. Improvements to software version identification and the incorporation of patch information will be made by transitioning from the Common Platform Enumeration (CPE) to Software Identification (SWID) Tags. SCAP v2 provides component-level interoperability via a modular and extensible architecture. This white paper provides a gap analysis of SCAP v1 and an overview of how SCAP v2 will address these gaps; describes the SCAP 2.0 architecture; and provides a plan for completing the work necessary to finalize SCAP v2.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.