Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NIST Releases NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements

NIST released NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements, the latest in a series of documents on the Security Content Automation Protocol (SCAP), which describes the test requirements for SCAP version 1.3.  SCAP consists of open standards that are widely used by organizations to measure and continuously monitor the security settings and controls of computer systems and applications in order to find software flaws and security-related configuration issues. SCAP 1.3 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates interoperability and enables predictable results among disparate SCAP enabled security software. The validation of security products is performed through a program developed by NIST called the SCAP Validation Program. The SCAP Validation Program offers vendors an opportunity to provide independent verification that security software correctly processes SCAP-expressed security information and provides standardized output. Industry and government end users benefit from the SCAP Validation Program by having assurance that SCAP-validated products have undergone independent testing and have met all necessary requirements defined in NISTIR 7511. This publication is intended for laboratories conducting SCAP product and module testing for the SCAP Validation Program, vendors interested in receiving SCAP validation for their products or modules, and organizations deploying SCAP products in their environments.

Released April 23, 2018, Updated May 2, 2018