How can agencies use Security Content Automation Protocol (SCAP) FDCC content to automate FISMA compliance of technical controls?

SCAP-validated tools, which agencies use to continuously monitor FDCC settings, can output FISMA technical control compliance evidence. The OVAL and XCCDF-based SCAP content has FISMA compliance mappings embedded in it so that SCAP-validated tools can automatically generate NIST Special Publication (SP) 800-53 assessment and compliance evidence. Each low level security configuration check is mapped to the appropriate high level NIST SP 800-53 security controls.

The assessment procedures found in NIST SP 800-53A are linked, where appropriate, to the SCAP automated testing of information system mechanisms and associated security configuration settings. In addition, the FDCC SCAP content also contains mappings to other high level policies (e.g. , ISO, DOD 8500, FISCAM) and SCAP tools may also output those compliance mappings. There exists additional SCAP content that can also be used by agencies to automate FISMA technical control compliance.

This SCAP content is available at http://scap. ... more.

The XCCDF-based SCAP content contains Common Configuration Enumeration (CCE) identifiers. The CCEs are mapped to the 800-53 controls and posted to the National Vulnerability Database (NVD) data feed located at http://nvd.nist.gov/cce.cfm. CCE to 800-53 mappings can also be obtained on a per checklist basis for Tier III checklists at checklists.nist.gov.

This data can be used to demonstrate NIST Special Publication (SP) 800-53 assessment and compliance evidence. More.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.