Security Content Automation Protocol (SCAP) is a suite of specifications that standardizes how software flaw and security configuration information is communicated between machines and humans. It provides an automated, standardized approach for implementing baseline security configurations, checking that patches for security vulnerabilities are present, monitoring system security, checking whether a system has been compromised, and establishing the exact security posture of a system or organization at any given point in time. Determining the security posture is a challenge for a number of reasons, such as the number and variety of systems to secure, the need to respond quickly to new threats, and the lack of…

• Common Vulnerabilities and Exposures (CVE) provides the nomenclature and glossary for security-related software flaws and is maintained by the MITRE Corporation.
The Vulnerability Measurement and Scoring group includes the Common Vulnerability Scoring System (CVSS), which defines terms for measuring the relative severity of software flaw vulnerabilities. It is maintained by the Forum of Incident Response and Security Teams (FIRST).
The Expression and Checking Languages group includes the following:
• Extensible Configuration Checklist Description Format (XCCDF) is the language used to specify checklists and to report the results of evaluating them. It is maintained by the National Security Agency (NSA) and NIST.
• Open Vulnerability and Assessment Language (OVAL) is a language that specifies the low-level testing procedures employed by checklists. It is maintained by the MITRE Corporation.
SCAP has many applications, such as automated checking for known vulnerabilities and report generation that links low-level settings to high-level requirements. Security configuration verification, requirements traceability, standardized security enumeration, and vulnerability measurement are the four categories of common SCAP uses. An SCAP checklist is used to check which patches are missing so that they can be installed.
A compromised system is left with detectable traces of the attack. The checksum of a malicious file or the existence of a particular service can serve as methods for discovering evidence of a particular
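The checks described above (a missing patch, an unexpected service, a known-bad file checksum) are exactly what an XCCDF rule delegates to an OVAL definition. The following is an added example, not code from the essay or from any SCAP tool: a miniature evaluator that models the XCCDF-rule to OVAL-definition to OVAL-test chain in plain Python dicts instead of the real XML formats. The host state, the test and definition identifiers, the "known-bad" hash, and the version numbers are all constructed for the demonstration; the `negate` flag on a rule mirrors the `negate` attribute of an XCCDF `check`, and the definition classes (`compliance`, `patch`, `miscellaneous`) are the ones OVAL defines.

```python
import hashlib
import re

def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of file contents, the kind of checksum an OVAL file test compares."""
    return hashlib.sha256(data).hexdigest()

def version_key(version: str):
    """Turn '1.1.1k' into ((1,''), (1,''), (1,'k')) so versions compare sensibly."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"(\d*)(.*)", piece)
        parts.append((int(m.group(1) or 0), m.group(2)))
    return tuple(parts)

# Constructed host state: what a real scanner would collect from the target machine.
HOST_STATE = {
    "files": {
        "/usr/local/bin/helper": b"legitimate helper binary\n",
        "/tmp/.cache_bin": b"constructed stand-in for a known-bad file\n",
    },
    "services": {"sshd": "running", "telnet": "running"},
    "packages": {"openssl": "1.1.1k"},
}

# Constructed indicator: the checksum a real feed would publish for a malicious file.
KNOWN_BAD_SHA256 = sha256_hex(b"constructed stand-in for a known-bad file\n")

# Simplified OVAL-style tests (real OVAL expresses these as object/state XML elements).
OVAL_TESTS = {
    "tst:bad-file-hash": {"type": "file_hash", "path": "/tmp/.cache_bin", "sha256": KNOWN_BAD_SHA256},
    "tst:telnet-running": {"type": "service_state", "name": "telnet", "state": "running"},
    "tst:sshd-running": {"type": "service_state", "name": "sshd", "state": "running"},
    "tst:openssl-min": {"type": "package_min_version", "name": "openssl", "min": "1.1.1n"},
}

def run_test(test_id: str, tests: dict, host: dict) -> bool:
    """Evaluate one low-level test against the collected host state."""
    t = tests[test_id]
    if t["type"] == "file_hash":
        data = host["files"].get(t["path"])
        return data is not None and sha256_hex(data) == t["sha256"]
    if t["type"] == "service_state":
        return host["services"].get(t["name"]) == t["state"]
    if t["type"] == "package_min_version":
        installed = host["packages"].get(t["name"])
        return installed is not None and version_key(installed) >= version_key(t["min"])
    raise ValueError(f"unknown test type {t['type']!r}")

# Simplified OVAL definitions: a criteria tree of AND/OR operators over tests.
OVAL_DEFINITIONS = {
    "def:ioc-known-bad-file": {"class": "miscellaneous",
        "criteria": {"operator": "OR", "items": [{"test_ref": "tst:bad-file-hash"}]}},
    "def:telnet-not-running": {"class": "compliance",
        "criteria": {"operator": "AND", "items": [{"test_ref": "tst:telnet-running", "negate": True}]}},
    "def:sshd-running": {"class": "compliance",
        "criteria": {"operator": "AND", "items": [{"test_ref": "tst:sshd-running"}]}},
    "def:openssl-patch": {"class": "patch",
        "criteria": {"operator": "AND", "items": [{"test_ref": "tst:openssl-min"}]}},
}

def evaluate_criteria(node: dict, tests: dict, host: dict) -> bool:
    """Recursively evaluate a criteria tree; leaves reference tests, optionally negated."""
    if "test_ref" in node:
        result = run_test(node["test_ref"], tests, host)
        return (not result) if node.get("negate") else result
    results = [evaluate_criteria(child, tests, host) for child in node["items"]]
    return all(results) if node["operator"] == "AND" else any(results)

# Simplified XCCDF rules: the high-level requirement, its severity, and the definition it checks.
XCCDF_RULES = [
    {"id": "rule:no-known-bad-file", "severity": "high", "check": "def:ioc-known-bad-file", "negate": True},
    {"id": "rule:telnet-disabled", "severity": "medium", "check": "def:telnet-not-running"},
    {"id": "rule:sshd-enabled", "severity": "low", "check": "def:sshd-running"},
    {"id": "rule:openssl-patched", "severity": "high", "check": "def:openssl-patch"},
]

def run_benchmark(rules=XCCDF_RULES, definitions=OVAL_DEFINITIONS, tests=OVAL_TESTS, host=HOST_STATE) -> dict:
    """Evaluate every rule and return a per-rule result report (pass/fail plus metadata)."""
    report = {}
    for rule in rules:
        definition = definitions[rule["check"]]
        outcome = evaluate_criteria(definition["criteria"], tests, host)
        if rule.get("negate"):  # a true definition means the rule FAILS (e.g. malware present)
            outcome = not outcome
        report[rule["id"]] = {"result": "pass" if outcome else "fail",
                              "severity": rule["severity"],
                              "definition_class": definition["class"]}
    return report

def summarize(report: dict) -> dict:
    """Roll the per-rule results up into the posture figures a report would show."""
    failed = sorted(rid for rid, r in report.items() if r["result"] == "fail")
    return {"pass": len(report) - len(failed), "fail": len(failed), "failed_rules": failed}

if __name__ == "__main__":
    rep = run_benchmark()
    for rid, r in rep.items():
        print(f"{r['result']:4} {r['severity']:6} {r['definition_class']:13} {rid}")
    print(summarize(rep))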