U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NISTIR 7511 Rev. 5 (Draft)

Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements

Date Published: January 2018
Comments Due: February 19, 2018 (public comment period is CLOSED)
Email Questions to: ir7511comments@nist.gov


Melanie Cook (NIST), Stephen Quinn (NIST), David Waltermire (NIST), Dragos Prisaca (G2)


The NIST Security Content Automation Protocol (SCAP) Validation Program tests the ability of products and modules to use the features and functionality available through SCAP and its components.  SCAP 1.3 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates interoperability and enables predictable results among disparate SCAP enabled security software. The SCAP Validation Program provides vendors an opportunity to have independent verification that security software correctly processes SCAP expressed security information and provides standardized output. NISTIR 7511 Revision 5 describes the test requirements for SCAP version 1.3.



SCAP validated tools; SCAP validated products; SCAP validated modules; SCAP derived test requirements (DTR); Security Content Automation Protocol (SCAP); SCAP validation
Control Families

Assessment, Authorization and Monitoring; System and Services Acquisition


Draft NISTIR 7511 Rev. 5

Supplemental Material:
None available

Related NIST Publications:
SP 800-126 Rev. 3
SP 800-126A
SP 800-126 Rev. 3 (Draft)
SP 800-126A (Draft)

Document History:
01/16/18: NISTIR 7511 Rev. 5 (Draft)
04/20/18: NISTIR 7511 Rev. 5 (Final)


Security and Privacy
acquisition; security automation; testing & validation

Laws and Regulations
OMB Circular A-130