The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1

Waltermire, David; Quinn, Stephen; Scarfone, Karen

doi:https://doi.org/10.6028/NIST.SP.800-126r1

SP 800-126 Rev. 1

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1

Documentation Topics

Date Published: February 2011

Author(s)

David Waltermire (NIST), Stephen Quinn (NIST), Karen Scarfone (G2)

Abstract

This document provides the definitive technical specification for Version 1.1 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. This document defines all SCAP Version 1.1 requirements that are not defined in the individual SCAP component specifications.

Keywords

Security automation; security configuration; Security Content Automation Protocol; vulnerabilities; SCAP; security content automation

Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Maintenance; Risk Assessment; System and Communications Protection; System and Services Acquisition

Documentation

Publication:
SP 800-126 Rev. 1 (DOI)
Local Download

Supplemental Material:
None available

Document History:
02/25/11: SP 800-126 Rev. 1 (Final)

Topics

Security and Privacy
acquisition; audit & accountability; maintenance; risk assessment; security automation

Laws and Regulations
Federal Information Security Modernization Act; OMB Circular A-130