SCAP Content Generation

Generation of SCAP content uses XSLT to create an XCCDF document with an accompanying OVAL document, bundled into an SCAP data stream collection document.

Steps:

  • Generate the "all rules" variant of the checklist in HTML form.
  • Generate the "all rules" variant of the checklist in OVAL form.
  • Generate the XCCDF document using the "all rules" checklist and OVAL as inputs.
  • Generate the SCAP data stream document using the XCCDF and OVAL documents.
  • Generate a report from the XCCDF document to be used for quality checking.

These steps are configured within the Makefile.

Dependencies

The supplied Makefile relies on the following components:

  • HTML Tidy — Tidy is an HTML/XML syntax checker and reformatter.

  • Saxon 10 — Saxon is an XSLT 3.0 implementation. The HE variant, which is open source, will suffice for the XSL transformations.

Optional components

SCAP References

Security Content Automation Protocol (SCAP) 1.3

That page has links to most of the SCAP-related normative documents.

An SCAP data stream (typically) consists of several XML documents knit together in a containing XML document. The component documents are:

  • An XCCDF document
  • An OVAL document referenced by the XCCDF document
  • An OCIL document referenced by the XCCDF document
  • A CPE dictionary document referenced by the XCCDF document
  • An OVAL document referenced by the CPE dictionary document

National Checklist Program for IT Products: Guidelines for Checklist Users and Developers

National Checklist Program Repository