Dictionary · NIST SP 800-128
L2 — definitions grouped by regulatory framework.
Nouns
15 senses
- Asset Identification
Security Content Automation Protocol (SCAP) constructs to uniquely identify assets (components) based on known identifiers and/or known information about the assets.
- Asset Reporting Format
SCAP data model for expressing the transport format of information about assets (components) and the relationships between assets and reports.
- baseline configuration
A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.
- Common Configuration Enumeration
A SCAP specification that provides unique, common identifiers for configuration settings found in a wide variety of hardware and software products.
- Common Configuration Scoring System
A SCAP specification for measuring the severity of software security configuration issues.
- Common Platform Enumeration
A SCAP specification that provides a standard naming convention for operating systems, hardware, and applications for the purpose of providing consistent, easily parsed names that can be shared by multiple parties and solutions to refer to the same specific platform type.
- Common Vulnerabilities and Exposures
An SCAP specification that provides unique, common names for publicly known information system vulnerabilities.
- Common Vulnerability Scoring System
An SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity.
- Extensible Configuration Checklist Description Format
SCAP language for specifying checklists and reporting checklist results.
- Open Checklist Interactive Language
SCAP language for expressing security checks that cannot be evaluated without some human interaction or feedback.
- Open Vulnerability and Assessment Language
SCAP language for specifying low-level testing procedures used by checklists.
- Security Information and Event Management
Application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.
- Security Management Dashboard
A tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.
- United States Government Configuration Baseline
The United States Government Configuration Baseline (USGCB) provides security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration mandate. The USGCB is a Federal government-wide initiative that provides guidance to agencies on what should be done to improve and maintain effective configuration settings, focusing primarily on security.
- whitelist
A list of discrete entities, such as hosts or applications, that are known to be benign and are approved for use within an organization and/or information system.