What tool is commonly used to allow for measurement and monitoring of security settings to align with NIST 800-53 controls?

The Security Content Automation Protocol (SCAP) is frequently used to allow for monitoring and measurement of NIST 800-53-based controls. SAML is used for authorization and authentication, and CVE and CVSS are used to identify and rank vulnerabilities.