Hi,
neither SCAP nor CERT data is directly related to vulnerability scanning or configuration checks.
You need to see both data sets as some sort of additional but optional metadata. This metadata is provided at the SecInfo Management and is just adding additional information about vulnerabilities.
In short words: There is no lower coverage of product/vulnerability detection or configuration/policy checks if you don’t sync the SCAP and/or CERT data.