Information Security Automation Program Law and Legal Definition

The Information Security Automation Program (ISAP) refers to the U.S. government multi-agency initiative that enables automation and standardization of technical security operations. The ISAP aims standards based automation of security checking and remediation as well as automation of technical compliance activities.

The program basically aims to include enabling standards based communication of vulnerability data, customizing and managing configuration baselines for various IT products, assessing information systems and reporting compliance status, using standard metrics to weight and aggregate potential vulnerability impact, and remediating identified vulnerabilities.