The Security Content Automation Protocol (SCAP) is a method that uses open standards to organize and express security-related information. It is not a regulation or a mandate, but it allows federal agencies to automate many manual processes and makes data standardization and comparison much easier.
If you are part of a federal agency working toward FISMA compliance, making your security solutions SCAP compliant will help you report more efficiently. In addition, using SCAP-compliant tools ensures that you'll be able to report on your security progress to the Department of Homeland Security, as required by FISMA, and that your security systems will all work together. This paves the way for automating vulnerability management tasks, including vulnerability scanning and management, checking for misconfigurations, and generating reports.
Rapid7 InsightVM is SCAP validated and accredited for regulations including USGCB and FDCC, meaning any federal agency using InsightVM will be able to scan its systems for specific security controls within FISMA requirements.