SCAP and Vulnerability Assessments

If cybersecurity systems within an organization do not communicate or require manual updates to share information, then an attack could go undetected or delay detection. In addition, organizations over time collaborate and add other stakeholders, which can become more difficult if there is not a common language and methodology for systems to interoperate. In order to future-proof cyber operations, management indicated they would like all cybersecurity tools to be SCAP compliant. SCAP stands for Security Content Automation Protocol. It is designed to allow vendor agnostic communications between security products. In order to respond to management, you have been asked to research SCAP, understand the methodology and write an introduction to SCAP and a vendor compliance statement to give to the acquisition department and the CISO and CIO staff responsible for analyzing technology and recommending products. Note that some products may not be directly SCAP compliant, i.e., server event logs are generated and stored locally. A SCAP-compliant Security Incident and Event Monitoring system may be able to read the logs and then push any reports or alerts into SCAP-compliant format. Conduct your research at the following website: https://csrc.nist.gov/projects/security-content-automation-protocol/ Now, compose the requested documentation of your research. You can write your assignment in a real world context, such as food industry, higher education, health care, and so on. Your paper should include the following information: -An introduction to SCAP and why it is important. -The requirement for systems procurement to include SCAP as a requirement on all newly acquired cybersecurity systems.