While a U.S. government initiative, its standards based design can benefit all information technology security operations.
ISAP's technical specifications are contained in the related Security Content Automation Protocol (SCAP).
ISAP's security automation content is either contained within, or referenced by, the National Vulnerability Database.
ISAP is being formalized through a trilateral memorandum of agreement (MOA) between Defense Information Systems Agency (DISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST).
The Office of the Secretary of Defense (OSD) also participates and the Department of Homeland Security (DHS) funds the operation infrastructure on which ISAP relies (i.e., the National Vulnerability Database).