
Security Content Automation Protocol (SCAP) is “a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.” Which of the following is a member of SCAP component specifications? (Wentz QOTD)
A. Key risk indicator (KRI)
B. Non-compliant items
C. Management review
D. Common Vulnerability Scoring System (CVSS)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Common Vulnerability Scoring System (CVSS).
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.