csrc.nist.gov Open in urlscan Pro
2600:1f18:268d:1ddd:fd96:dcaa:cf17:f2b2  Public Scan

Form analysis
2 forms found in the DOM

Name: site-search — GET /search

<form name="site-search" id="site-search-form" action="/search" method="GET">
  <label for="search-csrc-query" class="element-invisible">Search</label>
  <input autocomplete="off" class="form-control" id="search-csrc-query" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC">
  <input type="hidden" name="ipp" value="25">
  <input type="hidden" name="sortBy" value="relevance">
  <input type="hidden" name="showOnly" value="publications,projects,news,events,presentations,glossary,topics">
  <input type="hidden" name="topicsMatch" value="ANY">
  <input type="hidden" name="status" value="Final,Draft">
  <button type="submit" id="search-csrc-submit-btn" class="form-submit">
    <span class="element-invisible">Search</span>
    <i class="fa fa-search"></i>
  </button>
</form>

Name: site-search-mobile — GET /search

<form name="site-search-mobile" id="site-search-form-mobile" action="/search" method="GET">
  <label for="search-csrc-query-mobile" class="element-invisible">Search</label>
  <input autocomplete="off" class="form-control" id="search-csrc-query-mobile" name="keywords" type="text" size="15" maxlength="128" placeholder="Search CSRC">
  <button type="submit" id="search-csrc-submit-btn-mobile" class="form-submit">
    <span class="element-invisible">Search</span>
    <i class="fa fa-search"></i>
  </button>
</form>

Text Content

You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to
https://csrc.nist.gov.

You have JavaScript disabled. This site requires JavaScript to be enabled for
complete site functionality.

An official website of the United States government

Here’s how you know

Here’s how you know

Official websites use .gov
A .gov website belongs to an official government organization in the United
States.

Secure .gov websites use HTTPS
A lock ( Lock Locked padlock icon ) or https:// means you’ve safely connected to
the .gov website. Share sensitive information only on official, secure websites.

Search Search
CSRC MENU
Search Search
 * Projects
 * Publications Expand or Collapse
   
   Drafts for Public Comment
   
   All Public Drafts
   
   Final Pubs
   
   FIPS (standards)
   
   Special Publications (SPs)
   
   IR (interagency/internal reports)
   
   CSWP (cybersecurity white papers)
   
   ITL Bulletins
   
   Project Descriptions
   
   Journal Articles
   
   Conference Papers
   
   Books

 * Topics Expand or Collapse
   
   Security & Privacy
   
   Applications
   
   Technologies
   
   Sectors
   
   Laws & Regulations
   
   Activities & Products

 * News & Updates
 * Events
 * Glossary
 * About CSRC Expand or Collapse
   
   Computer Security Division
   
   
    * Cryptographic Technology
    * Secure Systems and Applications
    * Security Components and Mechanisms
    * Security Engineering and Risk Management
    * Security Testing, Validation, and Measurement
   
   
   
   Applied Cybersecurity Division
   
   
    * Cybersecurity and Privacy Applications
    * National Cybersecurity Center of Excellence (NCCoE)
    * National Initiative for Cybersecurity Education (NICE)
   
   
   
   Contact Us

Information Technology Laboratory
Computer Security Resource Center

Projects


SECURITY CONTENT AUTOMATION PROTOCOL SCAP

Share to Facebook Share to Twitter Share to LinkedIn Share ia Email

PROJECT LINKS

Overview FAQs News & Updates Events Publications


OVERVIEW

The Security Content Automation Protocol (SCAP) is a synthesis of interoperable
specifications derived from community ideas. Community participation is a great
strength for SCAP, because the security automation community ensures the
broadest possible range of use cases is reflected in SCAP functionality. This
Web site is provided to support continued community involvement. From this site,
you will find information about both existing SCAP specifications and emerging
specifications relevant to NIST's security automation agenda. You are invited to
participate, whether monitoring community dialog or leading more substantive
activities like specification authorship.

NIST's security automation agenda is broader than the vulnerability management
application of modern day SCAP. Many different security activities and
disciplines can benefit from standardized expression and reporting. We envision
further expansion in compliance, remediation, and network monitoring, and
encourage your contribution relative to these and additional disciplines. NIST
is also working on this expansion plan, so please communicate with the SCAP Team
early and often to ensure proper coordination of efforts.

PROJECT LINKS

Overview FAQs News & Updates Events Publications

ADDITIONAL PAGES

Release Cycle SCAP Content SCAP Releases SCAP 1.3 SCAP 1.2 SCAP 1.1 SCAP 1.0
SCAP Specifications Asset Identification Asset Reporting Format (ARF) Common
Configuration Enumeration (CCE) Common Platform Enumeration (CPE) Applicability
Language Dictionary Name Matching Naming Open Vulnerability Assessment Language
(OVAL) Open Checklist Interactive Language (OCIL) Trust Model for Security
Automation Data (TMSAD) Extensible Configuration Checklist Description Format
(XCCDF) Software Identification (SWID) Emerging Specifications Emerging
Specification Listing Asset Summary Reporting (ASR) SCAP Community

CONTACTS

SCAP Inquiries
scap@nist.gov


GROUP

Security Testing, Validation and Measurement

TOPICS

Security and Privacy: configuration management, patch management, security
automation, security measurement, vulnerability management

RELATED PROJECTS

DevSecOps
macOS Security
National Checklist Program
Open Security Controls Assessment Language
SCAP v2
SCAP Validation Program
Software Identification Tagging
Testing Laboratories
U.S. Government Configuration Baseline


ADDITIONAL PAGES

Release Cycle SCAP Content SCAP Releases SCAP 1.3 SCAP 1.2 SCAP 1.1 SCAP 1.0
SCAP Specifications Asset Identification Asset Reporting Format (ARF) Common
Configuration Enumeration (CCE) Common Platform Enumeration (CPE) Applicability
Language Dictionary Name Matching Naming Open Vulnerability Assessment Language
(OVAL) Open Checklist Interactive Language (OCIL) Trust Model for Security
Automation Data (TMSAD) Extensible Configuration Checklist Description Format
(XCCDF) Software Identification (SWID) Emerging Specifications Emerging
Specification Listing Asset Summary Reporting (ASR) SCAP Community

CONTACTS

SCAP Inquiries
scap@nist.gov



GROUP

Security Testing, Validation and Measurement

TOPICS

Security and Privacy: configuration management, patch management, security
automation, security measurement, vulnerability management

RELATED PROJECTS

DevSecOps
macOS Security
National Checklist Program
Open Security Controls Assessment Language
SCAP v2
SCAP Validation Program
Software Identification Tagging
Testing Laboratories
U.S. Government Configuration Baseline


Created December 07, 2016, Updated April 20, 2023

HEADQUARTERS
100 Bureau Drive
Gaithersburg, MD 20899
 * twitter (link is external)
 * facebook (link is external)
 * linkedin (link is external)
 * instagram (link is external)
 * youtube (link is external)
 * rss
 * govdelivery (link is external)

Want updates about CSRC and our publications? Subscribe



Contact Us | Our Other Offices

Send inquiries to csrc-inquiry@nist.gov
 * Site Privacy
 * Accessibility
 * Privacy Program
 * Copyrights
 * Vulnerability Disclosure
 * No Fear Act Policy
 * FOIA
 * Environmental Policy
 * Scientific Integrity
 * Information Quality Standards
 * Commerce.gov
 * Science.gov
 * USA.gov
 * Vote.gov