Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Content Automation Protocol SCAP

Trust Model for Security Automation Data (TMSAD)

TMSAD describes a common trust model that can be applied to specifications within the security automation domain, such as Security Content Automation Protocol (SCAP). Since information in the security automation domain is primarily exchanged using Extensible Markup Language (XML), the focus of this model is on the processing of XML documents. The trust model is composed of recommendations on how to use existing specifications to represent signatures, hashes, key information, and identity information in the context of an XML document within the security automation domain.

TMSAD Resources

TMSAD 1.0 Resources (September 2011)

XML Schema Files: [what is a schema?]

TMSAD 1.0 Schema (XSD 1.0)

XML Schematron Files: [what is Schematron?]

TMSAD 1.0 Schematron (XSLT 2.0)

File was updated on May 1, 2012
  See changelog in the file for details




Basic Example

Signature with Manifest Example

Countersigning Example

Note: Examples are for demonstration purposes only and will not validate. They use sample data, keys, certificates, and they have been reformatted for clarity.

Created December 07, 2016, Updated May 13, 2024