Security Content Automation Protocol

The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including, for example, FISMA (Federal Information Security Management Act, 2002) compliance.

SCAP is a suite of tools that have been compiled to be compatible with various protocols for things such as configuration management, compliance requirements, software flaws, or vulnerability patching.

The SCAP suite of specifications standardizes the nomenclature and formats used by these automated vulnerability management, measurement, and policy compliance products.

Since 2018, version 1.3 of SCAP has been meant to perform initial measurement and continuous monitoring of security settings and corresponding SP 800-53 controls.

Future versions will likely standardize and enable automation for implementing and changing security settings of corresponding SP 800-53 controls.