Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share

Security Content Automation Protocol


Currently, automation for vulnerability management, compliance management, and related software is sparse and typically functional only within one vendors product line. Due to competitive pressures, any commercial vendors attempting automation have done so in a very proprietary way, often lacking transparency and greatly hindering interoperability and repeatability Lacking automation, security operations teams across the U.S. Federal government and in private sector 1) have become overwhelmed by an increasing compliance workload and increasing number of vulnerabilities and 2) are spending a considerable amount of resources trying to keep pace through both manual methods and point solutions (i.e., very specific, non-reusable mechanism to connect proprietary solutions). Without leadership from a nonbiased entity, solutions to this problem have seen slow or limited functionality and adoption.


By standardizing communication by and between security and related software, NIST will significantly increase an organizationals ability to share, aggregate, measure, and report security information. Efficiencies gained through interoperability, repeatability, and automation thereof will result in very significant cost savings for organizations utilizing this technology.

Lead Organizational Unit:


Tim Grance
(301) 975-4242

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930