Date Published: May 1, 2015
Comments Due:
Email Questions to:
Author(s)
Harold Booth (NIST), Melanie Cook (NIST), Stephen Quinn (NIST), David Waltermire (NIST), Karen Scarfone (Scarfone Cybersecurity)
Announcement
NIST announces the public comment release of NIST Internal Report (NIST IR 8058), Security Content Automation Protocol (SCAP) Version 1.2 Content Style Guide: Best Practices for Creating and Maintaining SCAP 1.2 Content. SCAP is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. Over time, certain stylistic conventions regarding the authoring of SCAP 1.2 content have become best practices. They improve the quality of SCAP content in several ways, such as improving the accuracy and consistency of results, avoiding performance problems, reducing user effort, lowering content maintenance burdens, and enabling content reuse. This document has been created to capture the best practices and encourage their use by SCAP content authors and maintainers.
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. SCAP version 1.2 requirements are defined in NIST Special Publication 800-126 Revision 2. Over time, certain stylistic conventions regarding the authoring of SCAP 1.2 content have become best practices. While these best practices are not required, they improve the quality of SCAP content in several ways, such as improving the accuracy and consistency of results, avoiding performance problems, reducing user effort, lowering content maintenance burdens, and enabling content reuse. This document has been created to capture the best practices and encourage their use by SCAP content authors and maintainers.
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. SCAP version 1.2 requirements are defined in NIST Special Publication...
See full abstract
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. SCAP version 1.2 requirements are defined in NIST Special Publication 800-126 Revision 2. Over time, certain stylistic conventions regarding the authoring of SCAP 1.2 content have become best practices. While these best practices are not required, they improve the quality of SCAP content in several ways, such as improving the accuracy and consistency of results, avoiding performance problems, reducing user effort, lowering content maintenance burdens, and enabling content reuse. This document has been created to capture the best practices and encourage their use by SCAP content authors and maintainers.
Hide full abstract
Keywords
SCAP content; SCAP data stream; SCAP programmer; SCAP style guide; security automation; information security; Security Content Automation Protocol (SCAP)
Control Families
Configuration Management