SCAP

The Security Content Automation Protocol is a set of standards and specifications that allow security-conscious actors to document and manage security-related settings (information, checks, vulnerabilities, ...) so that compatible tools can leverage this information.

A well-known standard included in SCAP is CVE, the Common Vulnerabilities and Exposures system, which identifies vulnerabilities in software, hardware and operating systems. Many vulnerability reports use it to link their information with the publicly available information (an example is CVE-2011-1095). SCAP also includes many other standards, such as XCCDF (to describe security benchmarks) and OVAL (to test security settings).

openscap
The oscap application (part of openscap) can read the XCCDF and OVAL file formats, transform them into readable reports, and execute OVAL-described tests against a system.
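
To show what an OVAL-described test looks like and how it resolves to a pass/fail result, here is an added example (not code from oscap or from this page). It is a much-simplified evaluator that handles only flat criteria and textfilecontent54 objects; the OVAL document, its ids and the file contents are constructed, and the document is trimmed (no generator or description), so it is not schema-valid.

```python
import re
import xml.etree.ElementTree as ET

NS = {"d": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
      "i": "http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"}

# Constructed sample input: one compliance definition -> one test -> one object.
OVAL = r"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <definitions>
    <definition id="oval:example:def:1" class="compliance" version="1">
      <metadata><title>sshd forbids root login</title></metadata>
      <criteria><criterion test_ref="oval:example:tst:1"/></criteria>
    </definition>
  </definitions>
  <tests>
    <ind:textfilecontent54_test id="oval:example:tst:1" version="1" check="all"
        check_existence="at_least_one_exists" comment="PermitRootLogin no">
      <ind:object object_ref="oval:example:obj:1"/>
    </ind:textfilecontent54_test>
  </tests>
  <objects>
    <ind:textfilecontent54_object id="oval:example:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^\s*PermitRootLogin\s+no\s*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
  </objects>
</oval_definitions>"""

def evaluate(oval_xml, files):
    """Return {definition id: bool}. `files` maps path -> text and stands in
    for the scanned system, so nothing on the real filesystem is read."""
    root = ET.fromstring(oval_xml)
    objects = {o.get("id"): o for o in root.find("d:objects", NS)}
    tests = {t.get("id"): t for t in root.find("d:tests", NS)}
    results = {}
    for definition in root.iterfind("d:definitions/d:definition", NS):
        outcomes = []
        for crit in definition.iterfind("d:criteria/d:criterion", NS):
            test = tests[crit.get("test_ref")]
            obj = objects[test.find("i:object", NS).get("object_ref")]
            text = files.get(obj.findtext("i:filepath", namespaces=NS), "")
            pattern = obj.findtext("i:pattern", namespaces=NS)
            # at_least_one_exists: true once any line matches the pattern
            outcomes.append(bool(re.search(pattern, text, re.MULTILINE)))
        results[definition.get("id")] = all(outcomes)  # criteria default to AND
    return results
```
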

Resources

 * User-provided benchmarks for Gentoo Linux, usable with.