The Security Content Automation Protocol (SCAP) consists of open standards that are widely used by organizations to measure and continuously monitor the security settings and controls of computer systems and applications that aid in discovering software flaws and security-related configuration issues.
The National Institute of Standards and Technology is releasing NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements, the latest in a series of documents on SCAP, which describes the test requirements for SCAP version 1.3, NIST said in a release.
SCAP 1.3 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates interoperability and enables predictable results among disparate SCAP enabled security software.
Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program (NVLAP).
NISTIR 7511 Rev. 5 (DOI)
SCAP Validation Program (other)
Related NIST Publications:
SP 800-126 Rev. 3
Draft NISTIR 7511 Rev. 5 (1/16/18)
NISTIR 7511 Rev. 5 (4/20/18)