SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3

Booth, Harold; Waltermire, David; Badger, Mark; Cook, Melanie; Quinn, Stephen; Scarfone, Karen

doi:https://doi.org/10.6028/NIST.SP.800-126A

NIST SP 800-126A

SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3

Documentation Topics

Date Published: February 2018

Author(s)

Harold Booth (NIST), David Waltermire (NIST), Mark Badger (NIST), Melanie Cook (NIST), Stephen Quinn (NIST), Karen Scarfone (Scarfone Cybersecurity)

Abstract

The Security Content Automation Protocol (SCAP) is a multi-purpose framework of component specifications that support automated configuration, vulnerability, and patch checking, security measurement, and technical control compliance activities. The SCAP version 1.3 specification is defined by the combination of NIST Special Publication (SP) 800-126 Revision 3, a set of schemas, and this document. This document allows the use of particular minor version updates to SCAP 1.3 component specifications and the use of particular Open Vulnerability and Assessment Language (OVAL) core schema and platform schema versions. Allowing use of these updates and schemas provides additional functionality for SCAP 1.3 without causing any loss of existing functionality.

Keywords

Open Vulnerability and Assessment Language (OVAL); security automation; security configuration; Security Content Automation Protocol (SCAP)

Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Incident Response; Maintenance; Risk Assessment

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-126A
Download URL

Supplemental Material:
SCAP project

Publication Parts:
SP 800-126 Rev. 3

Related NIST Publications:
IR 7511 Rev. 5
IR 7511 Rev. 5 (Draft)

Document History:
02/14/18: SP 800-126A (Final)

Topics

Security and Privacy

audit & accountability, incident response, maintenance, security automation, threats, vulnerability management

Laws and Regulations

Cybersecurity Strategy and Implementation Plan, Federal Information Security Modernization Act, OMB Circular A-130