Date Published: July 2016
Comments Due:
Email Questions to:
Author(s)
Harold Booth (NIST), David Waltermire (NIST), Mark Badger (NIST), Melanie Cook (NIST), Stephen Quinn (NIST), Karen Scarfone (Scarfone Cybersecurity)
Announcement
NIST invites comments on two draft publications on the Security Content Automation Protocol (SCAP). The first is Special Publication (SP) 800-126 Revision 3, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3. The second is SP 800-126A, SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3.
SP 800-126 Revision 3 and SP 800-126A collectively define the proposed technical specification for SCAP version 1.3, which is based on enhancements and clarifications to the SCAP 1.2 specification. SP 800-126A is a new publication that allows SCAP 1.3 to take advantage of selected minor version updates of SCAP component specifications, as well as designated Open Vulnerability and Assessment Language (OVAL) platform schema versions.
The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the combination of NIST Special Publication (SP) 800-126 Revision 3 and this document. This document allows the use of particular minor version updates to SCAP 1.3 component specifications and the use of particular Open Vulnerability and Assessment Language (OVAL) core schema and platform schema versions. Allowing use of these updates and schemas provides additional functionality for SCAP 1.3 without causing any loss of existing functionality
The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the...
See full abstract
The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the combination of NIST Special Publication (SP) 800-126 Revision 3 and this document. This document allows the use of particular minor version updates to SCAP 1.3 component specifications and the use of particular Open Vulnerability and Assessment Language (OVAL) core schema and platform schema versions. Allowing use of these updates and schemas provides additional functionality for SCAP 1.3 without causing any loss of existing functionality
Hide full abstract
Keywords
security 113 configuration; Security Content Automation Protocol (SCAP); security automation; Open Vulnerability and Assessment Language (OVAL)
Control Families
Audit and Accountability; Assessment, Authorization and Monitoring; Incident Response; Maintenance; Risk Assessment
