SCAP uses baselines such as STIGs to check configurations. Which baseline is specifically used for secure configuration compliance?

SCAP uses predefined baselines to automatically verify system configurations. The baseline that specifically targets secure configuration compliance is the STIGs Baselines. STIGs are Security Technical Implementation Guides developed by DISA that define detailed, prescriptive settings required to securely configure systems. When SCAP inventories a host and checks against a STIG baseline, it assesses whether each setting matches the mandated secure configuration and flags any deviations for remediation. Other options provide valuable security guidance—CIS Benchmarks offer vendor-specific hardening recommendations, NIST SP 800-53 lists security controls, and ISO 27001 provides an ISMS framework—but they are not the SCAP baselines focused on automated secure configuration compliance.