Malware once were used primarily to destroy the victim's PC, but the scenario has completely changed today.
While surviving the need of wanting to harm with malicious software, for example in the development of cyber weapons, the current trend is to develop agents that serve primarily to the function of spying.
Security products and checklist authors assemble content from SCAP data repositories to create viable SCAP-expressed security guidance. A security configuration checklist that documents desired security configuration settings, installed patches, and other system security elements using a standardized SCAP format is known as an SCAP-expressed checklist.
Such a checklist would use XCCDF to describe the checklist, CCE to identify security configuration settings to be addressed or assessed, and CPE to identify platforms for which the checklist is valid.