The document introduces the Security Content Automation Protocol (SCAP) which comprises a suite of specifications for organizing and expressing security-related information in standardized ways. SCAP can be used to automatically verify the installation of patches, check system security configuration settings, and examine systems for signs of compromise. It then describes some of the key components of SCAP including XCCDF for security checklists, OVAL for auditing, CCE for configuration guides, CPE for environment descriptions, CVE for vulnerability disclosures, and CVSS for vulnerability impact scoring. The document encourages using SCAP to automate security tasks wherever possible and contributing new SCAP content.