The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3

Waltermire, David; Quinn, Stephen; Booth, Harold; Scarfone, Karen; Prisaca, Dragos

doi:https://doi.org/10.6028/NIST.SP.800-126r3

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov. [12:20 pm ET - If you received "Page Not Found" errors recently, please retry accessing those files. File synchronization should now be complete.]

NIST SP 800-126 Rev. 3

The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3

Documentation Topics

Date Published: February 2018

Author(s)

David Waltermire (NIST), Stephen Quinn (NIST), Harold Booth (NIST), Karen Scarfone (Scarfone Cybersecurity), Dragos Prisaca (G2)

Abstract

The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-126A) and a set of schemas, collectively define the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.

Keywords

checklists; patch verification; security automation; security checklists; security configuration; 112 Security Content Automation Protocol (SCAP); software flaws; vulnerabilities

Control Families

Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Incident Response; Maintenance; Risk Assessment; System and Services Acquisition; System and Communications Protection

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-126r3
Download URL

Supplemental Material:
SCAP project

Other Parts of this Publication:
SP 800-126A

Related NIST Publications:
IR 7511 Rev. 5

Document History:
02/14/18: SP 800-126 Rev. 3 (Final)

Topics

Security and Privacy

acquisition, audit & accountability, digital signatures, incident response, maintenance, risk assessment, security automation, threats, vulnerability management

Laws and Regulations

Federal Information Security Modernization Act, OMB Circular A-130