SCAP Settings in Tenable Vulnerability Management Scans

Security Content Automation Protocol (SCAP) is an open standard that enables automated management of vulnerabilities and policy compliance for an organization. SCAP relies on multiple open standards and policies, including OVAL, CVE, CVSS, CPE, and FDCC policies.

Tenable Vulnerability Management allows you to add SCAP (and OVAL) compliance checks to your scans. You can only configure SCAP settings when you use the SCAP and OVAL Auditing scan template.

Caution: SCAP scans in Tenable Vulnerability Management are unverified.

You can select Linux (SCAP), Linux (OVAL), Windows (SCAP), or Windows (OVAL). The following table describes each option's settings:

Linux (SCAP) or Windows (SCAP)

Setting: SCAP File
Default Value: None
Description: A valid zip file that contains full SCAP content. The file contains XCCDF, OVAL, and CPE for versions 1.0 and 1.1, and DataStream for version 1.2.

Setting: SCAP Version
Default Value: 1.2
Description: The SCAP version that is appropriate for the content in the uploaded SCAP file.

Setting: SCAP Data Stream ID
Default Value: None
Description: (SCAP Version 1.2 only) The data-stream id that you copied from the SCAP XML file.
Example:
<data-stream id="scap_gov.nist_datastream_USGCB-Windows-10-1.2.3.1.zip">

Setting: SCAP Benchmark ID
Default Value: None
Description: The Benchmark id that you copied from the SCAP XML file.
Example:
<xccdf:Benchmark id="xccdf_gov.nist_benchmark_USGCB-Windows-7">

Setting: SCAP Profile ID
Default Value: None
Description: The Profile id that you copied from the SCAP XML file.
Example:
<xccdf:Profile id="xccdf_gov.nist_profile_united_states_government_configuration_baseline_version_1.2.3.1">

Setting: OVAL Result Type
Default Value: Full results w/ system characteristics
Description: The information you want the results file to include. The results file can be one of the following types: Full results with system characteristics, Full results without system characteristics, or Thin results.

Linux (OVAL) or Windows (OVAL)

Setting: OVAL definitions file
Default Value: None
Description: A valid zip file that contains OVAL standalone content.
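
The SCAP Data Stream ID, SCAP Benchmark ID, and SCAP Profile ID settings above all take values copied from the SCAP XML file. The following Python script is an added example, not Tenable code, that lists those ids from a SCAP content zip so they can be pasted into the scan settings without searching the XML by hand. The function names, the sample document, and its component id are constructed for illustration, and the content is assumed to come from a trusted source.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# Constructed sample data stream; the three ids reuse the examples shown on this page.
SAMPLE = b"""<?xml version="1.0"?>
<data-stream-collection xmlns="http://scap.nist.gov/schema/scap/source/1.2"
                        xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2">
  <data-stream id="scap_gov.nist_datastream_USGCB-Windows-10-1.2.3.1.zip"/>
  <component id="scap_gov.nist_comp_constructed-example">
    <xccdf:Benchmark id="xccdf_gov.nist_benchmark_USGCB-Windows-7">
      <xccdf:Profile id="xccdf_gov.nist_profile_united_states_government_configuration_baseline_version_1.2.3.1"/>
    </xccdf:Benchmark>
  </component>
</data-stream-collection>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def scap_ids(xml_bytes):
    """Return the data-stream ids and a {Benchmark id: [Profile ids]} map."""
    root = ET.fromstring(xml_bytes)  # assumption: content comes from a trusted source
    found = {"data_streams": [], "benchmarks": {}}
    for elem in root.iter():
        name = local(elem.tag)  # match by local name so XCCDF 1.1 and 1.2 both work
        if name == "data-stream":
            found["data_streams"].append(elem.get("id"))
        elif name == "Benchmark":
            profiles = [c.get("id") for c in elem if local(c.tag) == "Profile"]
            found["benchmarks"][elem.get("id")] = profiles
    return found


def scap_ids_from_zip(zip_file):
    """Run scap_ids over every .xml member of a SCAP content zip (path or file object)."""
    with zipfile.ZipFile(zip_file) as zf:
        names = [n for n in zf.namelist() if n.lower().endswith(".xml")]
        return {n: scap_ids(zf.read(n)) for n in names}


if __name__ == "__main__":
    buf = io.BytesIO()  # in-memory zip standing in for the file you would upload
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("constructed-datastream.xml", SAMPLE)
    print(scap_ids_from_zip(buf))
```

Pass the path of the zip you plan to upload to scap_ids_from_zip. Members that hold only OVAL or CPE content return empty lists, and each Profile id is grouped under its Benchmark id so the two settings stay paired.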