Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-117

Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0

Date Published: July 2010

Withdrawn: November 27, 2018

Planning Note (11/27/2018): SCAP v1.0 is no longer supported.  For additional details, see information about SCAP Releases and the SCAP Release Cycle.


Stephen Quinn (NIST), Karen Scarfone (NIST), Matthew Barrett (G2), Christopher Johnson (NIST)



Security automation; security configuration management; Security Content Automation Protocol (SCAP); vulnerability management
Control Families

Audit and Accountability; Security Assessment and Authorization; Configuration Management; Maintenance; Risk Assessment; System and Communications Protection; System and Services Acquisition;


SP 800-117 (DOI)
Local Download

Supplemental Material:
None available