Date Published: July 2016
Comments Due:
Email Questions to:
Author(s)
David Waltermire (NIST), Stephen Quinn (NIST), Harold Booth (NIST), Karen Scarfone (Scarfone Cybersecurity), Dragos Prisaca (G2)
Announcement
NIST invites comments on two draft publications on the Security Content Automation Protocol (SCAP). The first is Special Publication (SP) 800-126 Revision 3, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3. The second is SP 800-126A, SCAP 1.3 Component Specification Version Updates: An Annex to NIST Special Publication 800-126 Revision 3.
SP 800-126 Revision 3 and SP 800-126A collectively define the proposed technical specification for SCAP version 1.3, which is based on enhancements and clarifications to the SCAP 1.2 specification. SP 800-126A is a new publication that allows SCAP 1.3 to take advantage of selected minor version updates of SCAP component specifications, as well as designated Open Vulnerability and Assessment Language (OVAL) platform schema versions.
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication defines the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication defines the technical composition of SCAP version 1.3...
See full abstract
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication defines the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.
Hide full abstract
Keywords
patch verification; security automation; security checklists; security configuration; 112 Security Content Automation Protocol (SCAP); software flaws; checklists; vulnerabilities
Control Families
Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection; System and Services Acquisition
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
