The Security Content Automation Protocol (SCAP) is a standard overseen by the National Institute of Standards and Technology (NIST). SCAP consists of a handful of XML-based data formats that are used for describing software vulnerabilities and software configuration items (CIs). For more information about SCAP and the data formats it includes, see

You can use the SCAP v1.0 (.cab) feature in SCM to export baselines in SCAP format, which creates XCCDF and OVAL files in a .cab file. When using SCM in conjunction with System Center Configuration Manager, use the DCM Configuration Pack export feature rather than SCAP content export feature.

To export SCAP content

  1. In the Baselines Library pane, click the baseline that you want to export as SCAP content, and then in the Action pane, in the Export area, click SCAP v1.0 (.cab).
    Note   Some baselines in SCM do not support SCAP.
  2. In the Export to SCAP dialog box, browse to the desired folder where you want to export the SCAP content, specify a name for the .cab file, and then click Save.

    The export operation produces the baseline in SCAP format in a .cab file in the location that you specified on your computer. The name of the .cab file is appended with _SCAP.