Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0

Quinn, Stephen; Scarfone, Karen; Barrett, Matthew; Johnson, Christopher

doi:https://doi.org/10.6028/NIST.SP.800-117

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST SP 800-117

Withdrawn on November 27, 2018.

Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0

Documentation Topics

Date Published: July 2010

Planning Note (11/27/2018): SCAP v1.0 is no longer supported. For additional details, see information about SCAP Releases and the SCAP Release Cycle.

Author(s)

Stephen Quinn (NIST), Karen Scarfone (NIST), Matthew Barrett (G2), Christopher Johnson (NIST)

Abstract

The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP). This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and service vendors how they can adopt SCAP's capabilities within their offerings.

Keywords

Security automation; security configuration management; Security Content Automation Protocol (SCAP); vulnerability management

Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Maintenance; Risk Assessment; System and Services Acquisition; System and Communications Protection

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-117
Download URL

Supplemental Material:
None available

Document History:
07/27/10: SP 800-117 (Final)

Topics

Security and Privacy

configuration management, security automation, vulnerability management

Laws and Regulations

Federal Information Security Modernization Act, OMB Circular A-130