Advancing Security Automation and Standardization: Revised Technical Specifications Issued for the Security Content Automation Protocol (SCAP)
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of Scarfone Cybersecurity, and Adam Halbardier of Booz Allen Hamilton. SP 800-126 Rev. 2 defines the technical composition of SCAP version 1.2, including its component specifications, their interrelationships and interoperation, and the requirements for SCAP content. SCAP is a multi-purpose protocol that supports automated checking of security configuration settings, vulnerability checking, technical control compliance activities, and security measurement. The bulletin discusses the contents of the publication, including the components of SCAP Version 1.2, NIST's recommendations for applying SCAP, the validation of SCAP products, and plans for future SCAP activities. References are provided to NIST publications that are related to SCAP and that support SCAP validation.