===== NIST: SP 800-126: The Technical Specification for the Security Content Automation Protocol (SCAP) =====
[[dido:public:ra:xapend:xapend.b_stds:tech:nist:start| return to the NIST Standards ]]


<table>
<caption>Data sheet for The Technical Specification for the Security Content Automation Protocol (SCAP)</caption>
| Title                      | The Technical Specification for the Security Content Automation Protocol |
| Acronym                    | SCAP |
| Version                    | 1.3 |
| Series                     | SP   |
| Document Number            | 800-126  |
| Release Date               | 2 February 2019    |
| Overview Page              | [[ https://csrc.nist.gov/publications/detail/sp/800-126/rev-3/final ]]
| Download                   | [[ https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-126r3.pdf ]] |
</table>

  : **Note**: The following is an excerpt from the official NIST catalog. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.

==== Purpose and Scope ==== 
  : //This document, NIST Special Publication (SP) 800-126 Revision 3, along with its annex (NIST SP 800-
126A [SP800-126A]) and a set of schemas, collectively provide the definitive technical specification for
version 1.3 of the Security Content Automation Protocol (SCAP). SCAP (pronounced ess-cap) consists of
a suite of specifications for standardizing the format and nomenclature by which software flaw and
security configuration information is communicated, both to machines and humans. This document
defines requirements for creating and processing SCAP source content. These requirements build on the
requirements defined within the individual SCAP component specifications. Each new requirement
pertains either to using multiple component specifications together or to further constraining one of the
individual component specifications. The requirements within the individual component specifications are
not repeated in this document; see those specifications to view their requirements.//

  : //To extend the contents of this document, an annex has been created. The annex document specifies
additional entities that may be used in SCAP 1.3 conformant content creation and processing://
    * //Particular minor version updates to SCAP 1.3 component specifications//
    * //Particular Open Vulnerability and Assessment Language (OVAL) platform schema versions//

  : //The scope of this document and its annex is limited to SCAP version 1.3. Other versions of SCAP and its
component specifications are not addressed in these documents.
Future versions of SCAP will be defined in distinct revisions of this document and its annex, each clearly
labeled with a document revision number and the appropriate SCAP version number.//

/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/* To add a discussion page to this page, comment out the line that says 
  ~~DISCUSSION:off~~
*/
~~DISCUSSION:on|Outstanding Issues~~
~~DISCUSSION:off~~