NIST Releases NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements

NIST released NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements, the latest in a series of documents on the Security Content Automation Protocol (SCAP), which describes the test requirements for SCAP version 1.3.  SCAP consists of open standards that are widely used by organizations to measure and continuously monitor the security settings and controls of computer systems and applications in order to find software flaws and security-related configuration issues. SCAP 1.3 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates interoperability and enables predictable results among disparate SCAP enabled security software. The validation of security products is performed through a program developed by NIST called the SCAP Validation Program. The SCAP Validation Program offers vendors an opportunity to provide independent verification that security software correctly processes SCAP-expressed security information and provides standardized output. Industry and government end users benefit from the SCAP Validation Program by having assurance that SCAP-validated products have undergone independent testing and have met all necessary requirements defined in NISTIR 7511. This publication is intended for laboratories conducting SCAP product and module testing for the SCAP Validation Program, vendors interested in receiving SCAP validation for their products or modules, and organizations deploying SCAP products in their environments.