U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST IR 8058 (Initial Public Draft)

Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content

Date Published: May 1, 2015
Comments Due: July 1, 2015 (public comment period is CLOSED)
Email Questions to: NISTIR8058-comments@nist.gov

Author(s)

Harold Booth (NIST), Melanie Cook (NIST), Stephen Quinn (NIST), David Waltermire (NIST), Karen Scarfone (Scarfone Cybersecurity)

Announcement

NIST announces the public comment release of NIST Internal Report (NIST IR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content. SCAP is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. Over time, certain stylistic conventions regarding the authoring of SCAP 1.2 content have become best practices. They improve the quality of SCAP content in several ways, such as improving the accuracy and consistency of results, avoiding performance problems, reducing user effort, lowering content maintenance burdens, and enabling content reuse. This document has been created to capture the best practices and encourage their use by SCAP content authors and maintainers.

Abstract

Keywords

SCAP content; SCAP data stream; SCAP programmer; SCAP style guide; security automation; information security; Security Content Automation Protocol (SCAP)
Control Families

Configuration Management

Documentation

Publication:
Draft NISTIR 8058 (pdf)

Supplemental Material:
None available

Document History:
05/01/15: IR 8058 (Draft)

Topics

Security and Privacy

security automation

Laws and Regulations

OMB Circular A-130