Publications
July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to
csrc-inquiry@nist.gov.
Further development of this draft has ceased (April 26, 2019).
Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.2
Documentation
Topics
Date Published: January 2012
Planning Note (04/26/2019):
Work on this document has been discontinued.
Author(s)
Stephen Quinn (NIST), Karen Scarfone (Scarfone Cybersecurity), David Waltermire (NIST)
The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP) version 1.2. This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and service vendors how they can adopt SCAP version 1.2 capabilities within their offerings. The intended audience for this document is individuals who have responsibilities for maintaining or verifying the security of systems in operational environments.
The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP) version 1.2. This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and...
See full abstract
The purpose of this document is to provide an overview of the Security Content Automation Protocol (SCAP) version 1.2. This document discusses SCAP at a conceptual level, focusing on how organizations can use SCAP-enabled tools to enhance their security posture. It also explains to IT product and service vendors how they can adopt SCAP version 1.2 capabilities within their offerings. The intended audience for this document is individuals who have responsibilities for maintaining or verifying the security of systems in operational environments.
Hide full abstract
Keywords
Security Content Automation Protocol (SCAP); security configuration management; security automation; vulnerability management
Control Families
Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Communications Protection