U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)

Published

Author(s)

Shirley M. Radack

Abstract

This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of Scarfone Cybersecurity, and Adam Halbardier of Booz Allen Hamilton. SP 800-126 Rev. 2 defines the technical composition of SCAP version 1.2, including its component specifications, their interrelationships and interoperation, and the requirements for SCAP content. SCAP is a multi-purpose protocol that supports automated checking of security configuration settings, vulnerability checking, technical control compliance activities, and security measurement. The bulletin discusses the contents of the publication, including the components of SCAP Version 1.2, NIST's recommendations for applying SCAP, the validation of SCAP products, and plans for future SCAP activities. References are provided to NIST publications that are related to SCAP and that support SCAP validation.
Citation
ITL Bulletin -
NIST Pub Series
ITL Bulletin
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

configuration management, cyber security, information security, information systems, information technology (IT), National Vulnerability Database, NIST Special Publications, risk management, Risk Management Framework, Security Content Automation Protocol, security checklists, security controls, software flaws, security management, threats, voluntary consensus standards, vulnerabilities
Information technology and Cybersecurity

Citation

Radack, S. (2012), Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP), ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=910245 (Accessed April 19, 2024)

Created January 24, 2012, Updated January 27, 2020