NIST announces the release of Special Publication (SP) 800-126r4 (Revision 4), Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.4, and SP 800-126Ar4, SCAP 1.4 Component Specification Version Updates: An Annex to NIST SP 800-126r4. These coordinated revisions build on SCAP Version 1.3, streamline requirements to emphasize current implementations, and update supporting references and URLs.
About SCAP
The Security Content Automation Protocol (SCAP) is a suite of interoperable specifications for the standardized expression, exchange, and processing of security configuration and vulnerability information. SCAP enables consistent automation and reporting across products and environments by defining machine-readable content and associated processing requirements.
About the Publications
- SP 800-126r4 — Updates the SCAP technical specification to focus on SCAP Version 1.4 by removing backward compatibility requirements for earlier SCAP versions, revising digital signature requirements, and eliminating unused requirements. This revision also updates requirements regarding OVAL references and related component specifications (i.e., redirecting OVAL references to the OVAL Community GitHub). Hyperlinks and schema references are also updated to the current SCAP 1.4 resources.
- SP 800-126Ar4 (updated annex) — Aligns the annex with SCAP Version 1.4. Informative notes and change logs have been refreshed, and the document structure and normative references have been revised to conform to the latest NIST template and editorial policies.