Editor’s Note: SP 800-126 rev. 2 is attached below.
From: NIST
I am pleased to announce the final release of NIST Special Publication (SP) 800-126 Revision 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. SCAP consists of a suite of specifications for standardizing the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. SP 800-126 defines and explains SCAP version 1.2, including the basics of the SCAP component specifications and their interrelationships, the characteristics of SCAP content, and the SCAP requirements not defined in the individual component specifications.
Major changes from SCAP version 1.1 to 1.2 include the addition of the following components: Asset Reporting Format (ARF), Asset Identification, Common Configuration Scoring System (CCSS), and Trust Model for Security Automation Data (TMSAD), which provides support for digitally signing SCAP source and result content. SCAP 1.2 also includes new source and result data stream models, and it upgrades Open Vulnerability and Assessment Language (OVAL) support to version 5.10, Common Platform Enumeration (CPE) support to version 2.3, and Extensible Configuration Checklist Description Format (XCCDF) support to version 1.2.
The SCAP version 1.2 specification and other resources can be found at:
http://scap.nist.gov/revision/1.2/
Sincerely,
Dave Waltermire SCAP Architect National Institute of Standards and Technology
Leave a Reply