Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements



Melanie Cook, Dragos Prisaca, Stephen D. Quinn, David A. Waltermire


This report defines the requirements and associated test procedures necessary for products or modules to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program (NVLAP).
NIST Interagency/Internal Report (NISTIR) - 7511rev5
Report Number


Security Content Automation Protocol (SCAP), SCAP derived test requirements (DTR), SCAP validated tools, SCAP validated products, SCAP validated modules, SCAP validation


Cook, M. , Prisaca, D. , Quinn, S. and Waltermire, D. (2018), Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 26, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created April 20, 2018, Updated May 4, 2021