Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Security Content Automation Protocol SCAP Releases SCAP 1.3

Security Content Automation Protocol SCAP

SCAP 1.3 Schematron Rules

The following sections detail the Schematron rules for SCAP 1.3.

SCAP Schematron Rules

The SCAP Schematron Rules are ISO Schematron rules written to check many of the requirements documented in NIST SP 800-126 Rev 3. They are for informational purposes only; they do not supercede the requirements in the specification. The rules are subject to change at anytime. Instructions on how to use the resource are provided in the included scap-rules-readme.txt.

Version: 1.3.5

Released: 08/06/2020

Download: SCAP Schematron Package

SHA-256: 74AE4D0B76975E56738B68D7C45B37D4C2C64F12898232B3F5AEB3C988808AB6

OVAL Schematron Rules

The OVAL Schematron Rules page contains the OVAL Schematron files that are applicable to SCAP 1.3. These are provided because in limited cases the Schematron files needed to be modified from their official version (found here). All deviations from the officially released versions are documented in the oval-rules-readme.txt.

Updated: 08/06/2020

Download: OVAL Schematron Package

SHA-256: 74C7F470C8FB5BFDC10C378DA896D5EFB4AEF1CE440D0CB66B7B9D03940040FA

Contacts

SCAP Inquiries
scap@nist.gov

Created December 07, 2016, Updated April 20, 2023