Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-117 Rev. 1 (DRAFT)

Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2

Date Published: January 2012
Comments Due: February 17, 2012 (public comment period is CLOSED)
Email Questions to: 800-117comments@nist.gov

Author(s)

Stephen Quinn (NIST), Karen Scarfone (Scarfone Cybersecurity), David Waltermire (NIST)

Announcement

NIST announces the public comment release of draft Special Publication (SP) 800-117 Revision 1, Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2. The purpose of this document is to provide an overview of SCAP version 1.2. This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and service vendors how they can adopt SCAP version 1.2 capabilities within their offerings. The intended audience for this document is individuals who have responsibilities for maintaining or verifying the security of systems in operational environments.

Abstract

Keywords

security configuration management; Security Content Automation Protocol (SCAP); security automation; vulnerability management
Control Families

Audit and Accountability; Security Assessment and Authorization; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection;

Documentation

Publication:
Draft SP 800-117 Rev. 1

Supplemental Material:
None available

Related NIST Publications:
SP 800-126 Rev. 2