Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Shirley M. Radack;|
|Title:||Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)|
|Published:||January 24, 2012|
|Abstract:||This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of Scarfone Cybersecurity, and Adam Halbardier of Booz Allen Hamilton. SP 800-126 Rev. 2 defines the technical composition of SCAP version 1.2, including its component specifications, their interrelationships and interoperation, and the requirements for SCAP content. SCAP is a multi-purpose protocol that supports automated checking of security configuration settings, vulnerability checking, technical control compliance activities, and security measurement. The bulletin discusses the contents of the publication, including the components of SCAP Version 1.2, NIST's recommendations for applying SCAP, the validation of SCAP products, and plans for future SCAP activities. References are provided to NIST publications that are related to SCAP and that support SCAP validation.|
|Keywords:||configuration management, cyber security, information security, information systems, information technology (IT), National Vulnerability Database, NIST Special Publications, risk management, Risk Management Framework, Security Content Automation Protocol, security checklists, security controls, software flaws, security management, threats, voluntary consensus standards, vulnerabilities|
|Research Areas:||Information Technology, Computer Security, Cybersecurity|
|PDF version:||Click here to retrieve PDF version of paper (184KB)|