Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Content Automation Protocol SCAP

SCAP Community

The SCAP community is a public/private partnership consisting of interested parties from industry, research and educational institutions, and government that are working to advance automation and standardization of technical security operations. Involvement in SCAP extends to email-based discussion lists, conferences, and various technical working groups sponsored by a variety of organizations.

SCAP Email Discussion Lists

SCAP Discussion List (View and Subscribe)

The SCAP team at NIST maintains a moderated discussion list that users can post to, regarding the Security Content Automation Protocol (SCAP). This is the primary discussion list for on-going development of SCAP v2.This list is moderate in volume.

Asset Specifications Development List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a mailing list for discussions about specifications focused on assets. This list is the primarily used by the Asset Working Group.

OCIL Discussion List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a mailing list for discussion about the development of OCIL.

SCAP Announcements List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a mailing list for sending out announcements regarding SCAP, the National Checklist Program (NCP), and the SCAP Validation Program. The list is extremely low volume and subscribers should expect to receive only a few emails a year. We appreciate the opportunity to keep you updated on recent developments..

SCAP Content Discussion List (Subscribe) (Unsubscribe)

This list is low in volume.

Emerging Specifications Discussion List (Subscribe) (Unsubscribe)

The SCAP team at NIST maintains a moderated technical discussion list used to develop and review emerging security automation standards. This list is moderate in volume.

SCAP and Emerging Specification Efforts

Communities also exist with email discussion lists for current SCAP and emerging specifications.

Vulnerability Reporting Discussion and Exchange (Subscribe) Note: This list is not managed by NIST

This non-NIST mailing list is a follow-up from some of the discussions that occurred during the "Future of Global Vulnerability Reporting" track at the 7th Annual IT Security Automation Conference. The list is intended to facilitate the discussion of how to exchange information pertaining to vulnerabilities.

Created December 07, 2016, Updated May 13, 2024