Date Published: February 2018
Author(s)
David Waltermire (NIST), Stephen Quinn (NIST), Harold Booth (NIST), Karen Scarfone (Scarfone Cybersecurity), Dragos Prisaca (G2)
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-126A) and a set of schemas, collectively define the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication...
See full abstract
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-126A) and a set of schemas, collectively define the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.
Hide full abstract
Keywords
checklists; patch verification; security automation; security checklists; security configuration; 112 Security Content Automation Protocol (SCAP); software flaws; vulnerabilities
Control Families
Audit and Accountability;
Security Assessment and Authorization;
Configuration Management;
Incident Response;
Maintenance;
Risk Assessment;
System and Communications Protection;
System and Services Acquisition;