This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of Scarfone Cybersecurity, and Adam Halbardier of Booz Allen Hamilton. SP 800-126 Rev. 2 defines the technical composition of SCAP version 1.2, including its component specifications, their interrelationships and interoperation, and the requirements for SCAP content. SCAP is a multi-purpose protocol that supports automated checking of security configuration settings, vulnerability checking, technical control compliance activities, and security measurement. The bulletin discusses the contents of the publication, including the components of SCAP Version 1.2, NIST's recommendations for applying SCAP, the validation of SCAP products, and plans for future SCAP activities. References are provided to NIST publications that are related to SCAP and that support SCAP validation.
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of...
See full abstract
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of Scarfone Cybersecurity, and Adam Halbardier of Booz Allen Hamilton. SP 800-126 Rev. 2 defines the technical composition of SCAP version 1.2, including its component specifications, their interrelationships and interoperation, and the requirements for SCAP content. SCAP is a multi-purpose protocol that supports automated checking of security configuration settings, vulnerability checking, technical control compliance activities, and security measurement. The bulletin discusses the contents of the publication, including the components of SCAP Version 1.2, NIST's recommendations for applying SCAP, the validation of SCAP products, and plans for future SCAP activities. References are provided to NIST publications that are related to SCAP and that support SCAP validation.
Hide full abstract
Keywords
configuration management; cyber security; information security; information systems; information technology (IT); National Vulnerability Database; NIST Special Publications; risk management; Risk Management Framework; Security Content Automation Protocol; security checklists; security controls; software flaws; security management; threats; voluntary consensus standards; vulnerabilities