Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements (NIST IR 7511 rev. 5) released April 2018 includes updates pertaining to platforms, component specification test requirements, and introduces module validation as well as the SCAP Inside labeling program. Please see the Summary of Changes table for a complete list of changes between NISTIR 7511 Revision 4 and NISTIR 7511 Revision 5.
Authenticated Configuration Scanner
The capability to audit and assess a target system to determine its compliance with a defined set of configuration requirements using target system logon privileges. The ACS capability includes the functionality previously covered by FDCC Scanner and USGCB Scanner capabilities.
The CVE option is the capability to support CVEs. This option may be awarded in conjunction with the ACS validation. The CVE option cannot be claimed by itself.
The OCIL option is the capability to support the Open Checklist Interactive Language (OCIL) to collect information (data) from people and or from existing data stores by other collection efforts. The OCIL option cannot be claimed by itself. This option may only be claimed in conjunction with the Authenticated Configuration Scanner (ACS) capability
With the release of NISTIR 7511 Revision 5, vendors may request testing of products for the following platforms.
Microsoft Windows
Microsoft Windows Vista with Service Pack 2 or later
Microsoft Windows 7 SP1 or later, 32-bit edition
Microsoft Windows 7 SP1 or later, 64-bit edition
Microsoft Windows 8.1 SP0 or later, 32-bit edition
Microsoft Windows 8.1 SP0 or later, 64-bit edition
Microsoft Windows 10 SP0 or later, 32-bit edition
Microsoft Windows 10 SP0 or later, 64-bit edition
Microsoft Windows Server 2012 R2 SP0 or later, 64-bit edition
Red Hat Enterprise Linux
Red Hat Enterprise Linux 6, 32-bit edition
Red Hat Enterprise Linux 6, 64-bit edition
Red Hat Enterprise Linux 7, 64-bit edition
Apple Mac OS
Apple Mac OS 10.11 (OS X El Capitan)
Security and Privacy: continuous monitoring, patch management, security automation, testing & validation, vulnerability management