As part of monitoring the security posture of agency desktops, OMB requires federal agencies to use vulnerability scanning tools that leverage the ________ protocol.


Multiple Choice


Explanation:
Automating vulnerability data exchange and compliance checks across desktops relies on a common set of standards. The Security Content Automation Protocol (SCAP) provides the framework to describe vulnerabilities (CVE), software components (CPE), vulnerability scoring (CVSS), and configuration checks in a machine-readable way, enabling scanners to ingest feeds and compare results to government baselines. This standardization ensures interoperability among tools and consistent, repeatable assessments across federal desktops, which is why OMB requires its use. The other options serve different roles: SNMP is for device management, SSH for secure remote access, and TLS for securing communications. None of them provides the standardized vulnerability content and compliance language that SCAP offers.
