Security Automation Essentials: Streamlined Enterprise Security Management & Monitoring with SCAP provides IT security managers in both government agencies and private organizations with full details on the capabilities of SCAP (Security Content Automation Protocol) technologies. SCAP reduces dozens of individual security-related tasks to simple, streamlined, and automated tasks that produce standardized results. It aids in the integration and ease of use of multiple, non-interoperable products and platforms.

This book delivers a complete and accessible overview of SCAP, including enumerations of common platforms, vulnerabilities, and configurations. SCAP’s open-standard, SML-based language is discussed, along with the Open Vulnerability and Assessment Language (OVAL), and how it communicates. It is written by a team of subject matter experts from G2, a leading security company working closely with the SCAP standards agency (NIST), government clients, including the Department of Defense, NSA, Drug Enforcement Administration, and FDA, and private clients such as American Express, Monster.com, and Black & Decker.

Greg Witte leads the U.S. Federal civilian customer support team at G2, Inc., a security firm committed to solving the most complex challenges related to the ability of the U.S. to collect, utilize, and defend digital information.

Melanie Cook is an information systems engineer at G2, Inc. She previously worked at the National Security Agency and at the National Institute of Standards and Technology where she contributed to SCAP efforts.

Matt Kerr is G2’s Director of Research and Development. He helped develop the DISA Gold Disk application, the primary compliance assessment utility for Department of Defense systems.

Shane Shaffer is the Technical Director of Security Automation for G2. He served as the lead architect of the Department of Defense’s Vulnerability Management System and has been a key contributor to the development of SCAP.

Chapter 1 is excerpted below.