Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Security Content Automation Protocol

SCAP Community

The SCAP community is a public/private partnership consisting of interested parties from industry, research and educational institutions, and government that are working to advance automation and standardization of technical security operations. Involvement in SCAP extends to email-based discussion lists, conferences, and various technical working groups sponsored by a variety of organizations.

SCAP Email Discussion Lists

Asset Specifications Development List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a mailing list for discussions about specifications focused on assets. This list is the primarily used by the Asset Working Group.

OCIL Discussion List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a mailing list for discussion about the development of OCIL.

SCAP Announcements List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a mailing list for sending out announcements regarding SCAP, the National Checklist Program (NCP), and the SCAP Validation Program. The list is extremely low volume and subscribers should expect to receive only a few emails a year. We appreciate the opportunity to keep you updated on recent developments.

SCAP Discussion List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a moderated discussion list that users can post to, regarding the Security Content Automation Protocol (SCAP). This list is moderate in volume.

SCAP Content Discussion List (Subscribe) (Unsubscribe)

This list is low in volume.

Emerging Specifications Discussion List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a moderated technical discussion list used to develop and review emerging security automation standards. This list is moderate in volume.

SCAP and Emerging Specification Efforts

Communities also exist with email discussion lists for current SCAP and emerging specifications.

Vulnerability Reporting Discussion and Exchange (Subscribe) Note: This list is not managed by NIST

This non-NIST mailing list is a follow-up from some of the discussions that occurred during the "Future of Global Vulnerability Reporting" track at the 7th Annual IT Security Automation Conference. The list is intended to facilitate the discussion of how to exchange information pertaining to vulnerabilities.

Created December 07, 2016, Updated September 20, 2018