SCAP Version 1.3 Validation Program Derived Test Requirements
Revision: 5
Status: Final
Specification: Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements
SCAP: Security Content Automation Protocol
Version: 1.3
Status: Final
Specification: The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
SCAP: Annex to NIST Special Publication 800-126 Revision 3
Version: 1.3
Status: Final
Specification: SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3
Date | SCAP Content | Documentation | Expiration Date |
---|---|---|---|
August 3, 2020 | Validation Test Suite version 1-3.0.0.0 Download: Validation Test Suite Bundle |
Change log | N/A |
SHA256
7E377C414CC84E4D04BEBF1F80D1C37953320E59D88E339F9901F7D315ACD29D |
|||
October 21, 2019 | Validation Test Suite version 1-3.0.0.0 (Release Candidate 2) Download: N/A |
Change log | November 21, 2019 |
SHA256
F88A2D3072915DE3665D4532371DAF972E47416E3D473CF1B30192DD643D0F76 |
|||
April 5, 2019 | Validation Test Suite version 1-3.0.0.0 (Release Candidate 1) Download: N/A |
Change log | May 20, 2019 |
SCAP Version 1.2 Validation Program Derived Test Requirements
Revision: 4
Status: Final
Specification: SCAP 1.2 Validation Program Test Requirements
SCAP: Security Content Automation Protocol
Version: 1.2
Status: Final
Specification: NIST SP800-126 Rev. 2
The SCAP Validation Program FAQ addresses common questions about updates to the SCAP 1.2 Validation Program.
The SCAP 1.2 Validation Program uses two broad categories of SCAP content for testing products. The broad categories of content include:
The Validation Test Content contains OVAL Test Data that exercises commonly used OVAL constructs and the data streams needed for testing specific DTR requirements:
This test suite is closer to unit testing rather than being based on a checklist. We recommend reviewing the FAQ and Validation Test Suite readme file prior to use.
Date | SCAP Content | Documentation | Expiration Date |
---|---|---|---|
September 14, 2017 | Validation Test Suite version 1-2.2.0.0 Download: Validation Test Suite Bundle |
Change log | n/a |
SHA256
7D33B68D6589D877FF0CE6C8A508F98578734F9C9BE54E09BBB96BF2855F9B70 |
|||
June 8, 2017 | Validation Test Suite version (RELEASE CANDIDATE) 1-2.2.0.0-rc1 | Last Date for Comments: July 8, 2017 |
|
June 02, 2016 | Validation Test Suite version 1-2.1.1.0 Download: Validation Test Suite Bundle |
Change log | March 15, 2018 |
SHA256
768749B36CCF6B92947A18014A3018DDBDD95126E2CA93DAB18EA318E1712D7B |
|||
April 05, 2016 | Validation Test Suite version 1-2.1.0.0 Download: Validation Test Suite Bundle |
Change log Known Issues |
December 02, 2016 |
SHA256
AA139815572FED37F5C825B5003C82EF38D47529B00D998FF1E0DB7FF30ED538 |
|||
February 16, 2016 | Validation Test Suite version (RELEASE CANDIDATE) 1-2.1.0.0-rc1 | Last Date for Comments: March 18, 2016 |
|
February 08, 2016 | Validation Test Suite version 1-2.0.3.0 -- Updated catalog files for Windows Download: Validation Test Suite Bundle |
Change log | August 31, 2016 |
SHA256
C61528D861BDC2C1DC0F3A8FE8D6D11AB366AF433C833288826E9B850C402FDF |
|||
April 1, 2015 | Validation Test Suite version 1-2.0.3.0 Download: Validation Test Suite Bundle |
Change log | August 31, 2016 |
SHA256
5B42B6D9D5FFF2E2E1658D89382B9B960231C12C1966072B6754A01EFF9B0389 |
|||
February 03, 2015 | Validation Test Suite version (RELEASE CANDIDATE) 1-2.0.3.0 | Last Date for Comments: March 03, 2015 |
|
March 11, 2014 | Validation Test Suite version 1-2.0.2.0 Download: Validation Test Suite Bundle |
Change log | September 30, 2015 (Six months after the final release of 1-2.0.3.0) |
SHA256
0B829786357AA886D8D0774E73F1C31C60777A06AF115341B4B1216BF4A936DD |
|||
February 10, 2014 | Validation Test Suite (RELEASE CANDIDATE) version 1-2.0.2.0-rc1 | Last Date for Comments: March 10, 2014 |
|
August 7, 2013 | Validation Test Suite version 1-2.0.1.0 Download: Validation Test Suite Bundle |
Change log | August 7, 2014 |
SHA256
3FA74D487403214032C4B36E8F535C3143DB2FE1991FE9757188E09D66EF7FAD |
|||
June 11, 2013 | Validation Test Suite (RELEASE CANDIDATE) version 1-2.0.1.0-rc1 | Last Date for Comments: July 11, 2013 |
|
December 21, 2012 | Validation Test Suite version 1-2.0.0.0 | Original release | December 21, 2013 |
Description: The USGCB Red Hat and Windows content is included in the SCAP 1.2 Validation Program.USGCB Download: https://usgcb.nist.gov/
SCAP Content Validation Tool
Download: SCAP Content Validation Tool
Description: The SCAP Content Validation Tool is designed to validate the correctness of a SCAP data stream for a particular use case according to what is defined in SP 800-126. This version of the tool is designed to validate SCAP content adhering to SCAP version 1.0 and 1.1. The scapval.html within the tool zip file contains additional information about how to run the tool.
SCAP Reference Implementation Tool
Download: SCAP Interpreter
Description: The SCAP Interpreter is an open source application that processes SCAP data streams. SCAP versions 1.0, 1.1, and 1.2 are supported. The SCAP Interpreter uses the XCCDF and OVAL Interpreters.
XCCDF Reference Implementation Tool
Download: XCCDF Interpreter
Description: The XCCDF Interpreter is an open source application for performing system analysis and report generation using the XCCDF format. This application will process an XCCDF and OVAL file.
OVAL Reference Implementation Tool
Download: OVAL Interpreter
Description: The OVAL interpreter (ovaldi) is an open source application that demonstrates the evaluation of OVAL definitions. This interpreter collects system information, evaluates it, and generates a detailed OVAL Results file.
OCIL Reference Implementation Tool
Download: OCIL Interpreter
Description: The OCIL interpreter (ocilqi) is an open source application that demonstrates how an OCIL document can be evaluated. It guides the end user in completing questionnaires, viewing, and computing results.
Security and Privacy: continuous monitoring, patch management, security automation, testing & validation, vulnerability management