SCAP Specifications
The following specifications comprise SCAP version 1.1.
Protocol
- SCAP: Security Content Automation Protocol
  - Version: 1.1
  - Status: Final
  - Specification: NIST SP 800-126 Rev. 1
Tools
- SCAP Content Validation Tool
  - Version: 1.1.2.9
  - Released: 04/28/2011
  - Download: SCAP Content Validation Tool for SCAP 1.0 and 1.1 (Download 20.9 MB) [Note: A new version is available here that supports SCAP 1.2.]
  - sha-1: E327A3477E4B6E9CD313B021E88572244967C4F8
  - sha-256: E9A49AF8DDC4E4A79785174969BD644ECDFF4C91E690625E9E9933FB9E2E33E5
  - Description: The SCAP Content Validation Tool is designed to validate the correctness of an SCAP data stream for a particular use case according to what is defined in SP 800-126. This version of the tool is designed to validate SCAP content adhering to SCAP versions 1.0 and 1.1. The scapval.html file within the tool's zip file contains additional information about how to run the tool.
Languages
- XCCDF: The eXtensible Configuration Checklist Description Format
  - Version: 1.1.4
  - Specification: NIST IR 7275 revision 3
  - Web site: http://scap.nist.gov/specifications/xccdf/
  - Email Discussion List: xccdf-dev@nist.gov (View archive) (Subscribe) (Unsubscribe)
- OVAL®: Open Vulnerability and Assessment Language
  - Version: 5.8
  - Web site: http://oval.mitre.org/
  - Developer's Forum: OVAL-DEVELOPER-LIST@LISTS.MITRE.ORG (View archive) (Register)
- OCIL: Open Checklist Interactive Language
  - Version: 2.0
  - Web site: http://scap.nist.gov/specifications/ocil/
  - Email Discussion List: ocil-dev@nist.gov (Subscribe) (Unsubscribe)
  - The Open Checklist Interactive Language defines a framework for expressing a set of questions to be presented to a user and corresponding procedures to interpret responses to these questions. Although the OCIL specification was developed for use with IT security checklists, the uses of OCIL are by no means confined to IT security. Other possible use cases include research surveys, academic course exams, and instructional walkthroughs.
Enumerations
- CCE™: Common Configuration Enumeration
  - Version: 5
  - Web site: http://cce.mitre.org/
  - Contact Email: cce@mitre.org
  - Official CCE List: http://cce.mitre.org/lists/cce_list.html#current
- CPE™: Common Platform Enumeration
  - Version: 2.2
  - Specification: CPE Specification 2.2
  - Web site: http://cpe.mitre.org/
  - Official Dictionary: http://nvd.nist.gov/cpe.cfm
  - Community Forum: CPE-DISCUSSION-LIST@LISTS.MITRE.ORG (View archive) (Register)
- CVE®: Common Vulnerabilities and Exposures
  - Version: No version
  - Web site: http://cve.mitre.org/
  - Contact Email: cve@mitre.org
  - Official CVE List: http://cve.mitre.org/cve/index.html
  - NVD CVE-based Vulnerabilities: http://web.nvd.nist.gov/view/vuln/search
Metrics
- CVSS: Common Vulnerability Scoring System
  - Version: 2
  - Specification: NIST IR 7435
  - Web site: http://www.first.org/cvss/
Related Publications and Resources
- Guide to Using Vulnerability Naming Schemes
  - Specification: SP 800-51 Rev. 1