Email this Article Email   

CHIPS Articles: NIST updates Security Content Automation Protocol to monitor computer security

NIST updates Security Content Automation Protocol to monitor computer security
By CHIPS Magazine - April 24, 2018
The Security Content Automation Protocol (SCAP) consists of open standards that are widely used by organizations to measure and continuously monitor the security settings and controls of computer systems and applications that aid in discovering software flaws and security-related configuration issues.

The National Institute of Standards and Technology is releasing NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements, the latest in a series of documents on SCAP, which describes the test requirements for SCAP version 1.3, NIST said in a release.

SCAP 1.3 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates interoperability and enables predictable results among disparate SCAP enabled security software.

Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program (NVLAP).

NISTIR 7511 Rev. 5 (DOI)
NIST Download

Supplemental Material:
SCAP Validation Program (other)

Related NIST Publications:
SP 800-126 Rev. 3
SP 800-126A

Document History:
Draft NISTIR 7511 Rev. 5 (1/16/18)
NISTIR 7511 Rev. 5 (4/20/18)

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer