Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

We are building a provable archive!
A lock ( Dot gov ) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Security Content Automation Protocol SCAP

Project Links

Overview FAQs News & Updates Events Publications

SCAP 1.0

The following specifications comprise SCAP version 1.0. Please note that this version of SCAP is no longer supported by NIST.

Protocol

SCAP: Security Content Automation Protocol

Version: 1.0

Status: Final (Support Withdrawn)

Specification: NIST SP800-126

Tools

SCAP Content Validation Tool

Version: 1.1.2.9

Released: 04/28/2011

Download: SCAP Content Validation Tool for SCAP 1.0 and 1.1 (Download 20.9 MB) [Note: A new version is available here that supports SCAP 1.2.]

sha-1: E327A3477E4B6E9CD313B021E88572244967C4F8

sha-256: E9A49AF8DDC4E4A79785174969BD644ECDFF4C91E690625E9E9933FB9E2E33E5

Description: The SCAP Content Validation Tool is designed to validate the correctness of a SCAP data stream for a particular use case according to what is defined in SP 800-126. This version of the tool is designed to validate SCAP content adhering to SCAP version 1.0 and 1.1. The scapval.html within the tool zip file contains additional information about how to run the tool.

Languages

XCCDF: The eXtensible Configuration Checklist Description Format

Version: 1.1.4

Specification: NIST IR 7275 revision 3

Web site: xccdf

Email Discussion List: xccdf-dev@nist.gov (View archive) (Subscribe) (Unsubscribe)

OVAL®: Open Vulnerability and Assessment Language

Version: 5.3

Web site: http://oval.mitre.org/

Developer's Forum: OVAL-DEVELOPER-LIST@LISTS.MITRE.ORG (View archive) (Register)

Enumerations

CCE™: Common Configuration Enumeration

Version: 5

Web site: Common Configuration Enumeration (CCE)

Contact Email: cce@nist.gov

Official CCE List: https://nvd.nist.gov/cce/index.cfm

CPE™: Common Platform Enumeration

Version: 2.2

Specification: CPE Specification 2.2

Web site: Common Platform Enumeration (CPE)

Official Dictionary: https://nvd.nist.gov/products/cpe

CVE®: Common Vulnerabilities and Exposures

Version: No version

Web site: http://cve.mitre.org/

Contact Email: cve@mitre.org

Official CVE List: http://cve.mitre.org/cve/index.html

NVD CVE-based Vulnerabilities: https://nvd.nist.gov/view/vuln/search

Metrics

CVSS: Common Vulnerability Scoring System

Version: 2

Specification: NIST IR 7435

Web site: http://www.first.org/cvss/

Project Links

Overview FAQs News & Updates Events Publications

Additional Pages

Contacts

SCAP Inquiries
scap@nist.gov

Group

Security Testing, Validation and Measurement

Topics

Security and Privacy: configuration management, patch management, security automation, security measurement, vulnerability management

Related Projects

DevSecOps
National Checklist Program
Open Security Controls Assessment Language
SCAP v2
SCAP Validation Program
Software Identification Tagging
Testing Laboratories
U.S. Government Configuration Baseline

Contacts

SCAP Inquiries
scap@nist.gov

Group

Security Testing, Validation and Measurement

Topics

Security and Privacy: configuration management, patch management, security automation, security measurement, vulnerability management

Related Projects

DevSecOps
National Checklist Program
Open Security Controls Assessment Language
SCAP v2
SCAP Validation Program
Software Identification Tagging
Testing Laboratories
U.S. Government Configuration Baseline

Created December 07, 2016, Updated August 07, 2020