Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-126 Rev. 3 (Initial Public Draft)

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3

Date Published: July 2016
Comments Due: August 19, 2016 (public comment period is CLOSED)
Email Questions to: 800-126comments@nist.gov

Author(s)

David Waltermire (NIST), Stephen Quinn (NIST), Harold Booth (NIST), Karen Scarfone (Scarfone Cybersecurity), Dragos Prisaca (G2)

Announcement

NIST invites comments on two draft publications on the Security Content Automation Protocol (SCAP). The first is Special Publication (SP) 800-126 Revision 3, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3. The second is SP 800-126A, SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3.

SP 800-126 Revision 3 and SP 800-126A collectively define the proposed technical specification for SCAP version 1.3, which is based on enhancements and clarifications to the SCAP 1.2 specification. SP 800-126A is a new publication that allows SCAP 1.3 to take advantage of selected minor version updates of SCAP component specifications, as well as designated Open Vulnerability and Assessment Language (OVAL) platform schema versions.

Abstract

Keywords

patch verification; security automation; security checklists; security configuration; 112 Security Content Automation Protocol (SCAP); software flaws; checklists; vulnerabilities
Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Services Acquisition; System and Communications Protection

Documentation

Publication:
Draft SP 800-126 Rev. 3 (pdf)

Supplemental Material:
Comment Template (docx)

Related NIST Publications:
IR 7511 Rev. 5 (Draft)

Document History:
07/18/16: SP 800-126 Rev. 3 (Draft)