Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NISTIR 8058 (DRAFT)

Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content

Date Published: May 1, 2015
Comments Due: July 1, 2015 (public comment period is CLOSED)
Email Questions to: NISTIR8058-comments@nist.gov

Author(s)

Harold Booth (NIST), Melanie Cook (NIST), Stephen Quinn (NIST), David Waltermire (NIST), Karen Scarfone (Scarfone Cybersecurity)

Announcement

NIST announces the public comment release of NIST Internal Report (NIST IR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content. SCAP is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. Over time, certain stylistic conventions regarding the authoring of SCAP 1.2 content have become best practices. They improve the quality of SCAP content in several ways, such as improving the accuracy and consistency of results, avoiding performance problems, reducing user effort, lowering content maintenance burdens, and enabling content reuse. This document has been created to capture the best practices and encourage their use by SCAP content authors and maintainers.

Abstract

Keywords

SCAP content; SCAP data stream; SCAP programmer; SCAP style guide; security automation; information security; Security Content Automation Protocol (SCAP)
Control Families

Configuration Management;

Documentation

Publication:
Draft NISTIR 8058

Supplemental Material:
None available

Topics

Security and Privacy
security automation

Laws and Regulations
OMB Circular A-130