CCS adopts the Security Content Automation Protocol (SCAP) suite of specifications, which is a validation program defined by National Institute of Standards and Technology (NIST). The SCAP standards are used to enable automated vulnerability management, measurement, and policy compliance evaluation of the enterprise organization.
SCAP is established by NIST to standardize the format and nomenclature by which security software products communicate software flaws and security configuration information. Adoption of SCAP facilitates an organization's automation of security monitoring, vulnerability management, and security policy compliance evaluation and reporting.
The SCAP content that is imported in CCS cannot be edited. The in-built functionalities of CCS are leveraged to execute the SCAP evaluation job that collects data from assets and evaluates them against the SCAP content. The CCS Manager that is configured as a Windows data collector performs the task of data collection and evaluation of SCAP content.
To know more about CCS Manager Collector, refer to About the CCS Manager Collector topic in the CCS SymHelp.
The SCAP evaluation results can be viewed in the Evaluation Results Viewer or the report generation feature of CCS can be used to generate the Asset Details report. The evaluated data is also rendered on CCS Dashboards such as, Compliance Administration - SCAP profile benchmark.