SCAP Glossary

Selected acronyms and abbreviations related to SCAP compliance are provided below.


ARF Asset Reporting Format


CCE Common Configuration Enumeration

CCSS Common Configuration Scoring System

CPE Common Platform Enumeration

CVE Common Vulnerabilities and Exposures

CVSS Common Vulnerability Scoring System


FDCC Federal Desktop Core Configuration

FIRST Forum of Incident Response and Security Teams


NIST National Institute of Standards and Technology

NVD National Vulnerability Database


OCIL Open Checklist Interactive Language

OVAL Open Vulnerability and Assessment Language


SCAP Security Content Automation Protocol

TMSAD Trust Model for Security Automation Data


XCCDF Extensible Configuration Checklist Document Format