The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3

Waltermire, David; Quinn, Stephen; Booth, Harold; Scarfone, Karen; Prisaca, Dragos

doi:https://doi.org/10.6028/NIST.SP.800-126r3

SP 800-126 Rev. 3

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3

Documentation Topics

Date Published: February 2018

Author(s)

David Waltermire (NIST), Stephen Quinn (NIST), Harold Booth (NIST), Karen Scarfone (Scarfone Cybersecurity), Dragos Prisaca (G2)

Abstract

The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-126A) and a set of schemas, collectively define the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.

Keywords

checklists; patch verification; security automation; security checklists; security configuration; 112 Security Content Automation Protocol (SCAP); software flaws; vulnerabilities

Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection; System and Services Acquisition

Documentation

Publication:
SP 800-126 Rev. 3 (DOI)
Local Download

Supplemental Material:
SCAP project (other)

Other Parts of this Publication:
SP 800-126A

Related NIST Publications:
NISTIR 7511 Rev. 5

Document History:
02/14/18: SP 800-126 Rev. 3 (Final)

Topics

Security and Privacy
acquisition; audit & accountability; digital signatures; incident response; maintenance; risk assessment; security automation; threats; vulnerability management

Laws and Regulations
Federal Information Security Modernization Act; OMB Circular A-130