6.1 About SCAP

The Security Content Automation Protocol (SCAP) provides an automated, standardized methodology for managing system security, including measuring and managing system vulnerability, and evaluating policy compliance against security standards such as the Federal Information Security Management Act (FISMA). The U.S. government content repository for SCAP standards is the National Vulnerability Database (NVD), which is managed by the National Institute of Standards and Technology (NIST).

Oracle Linux provides the following SCAP packages for Oracle Linux 6:

openscap-utils

The openscap-utils package contains command-line tools that use the OpenSCAP library. This package previously included the oscap command-line configuration and vulnerability scanner, but this is now made available separately in the openscap-scanner package. The openscap-scanner package is installed as a dependency when you install the openscap-utils package.

openscap-scanner

Provides the oscap command-line configuration and vulnerability scanner, which can perform compliance checking against SCAP content including the SCAP Security Guide. This is a dependency of the openscap-utils package.

openscap

Provides the OpenSCAP open-source libraries for generating SCAP-compliance documentation. OpenSCAP received SCAP 1.2 certification from NIST in April 2014.

scap-security-guide

Provides system-hardening guidance in SCAP format, including links to government requirements. The guide provides security profiles that you can modify to comply with the security policies that you have established for your site.