I work in an industry that uses manufacturing equipment that typically runs on Windows or a Unix-like OS.

An industry body is developing security standards and plans to require the use of Security Content Automation Protocol, so I was wondering about implementation of SCAP in other industries.

The proposed requirements will require a SCAP scan be run:

a) On every machine prior to leaving the supplier factory.

b) On every installed machine after any software upgrade on that machine (including the OS or applications).

I am new to SCAP and quite new to information security in general. I am wondering if a SCAP implementation like this is normal in an industrial or any other setting?

  • I have made an assumption that you meant Security Content Automation Protocol. If you meant something else please edit and describe. Are you fully aware of the NIST specification for this? I think it will have the answers you seek. – Rory Alsop Mar 25 '21 at 17:10
  • Yes, I did mean Security Content Automation Protocol - thanks for updating the question. I am not fully aware of the specification but I am currently working my way through the NIST documents to determine the implementation recommendations for the two scenarios. Thanks. – dvd940 Mar 26 '21 at 14:51

0 Answers