Security Content Automation Protocol SCAP

SCAP Releases

SCAP must continually evolve to meet the ever changing needs of the community. This need for continual evolution results in multiple versions of SCAP being available at any given time. The SCAP Release Cycle defines a process for managing change relating to SCAP and the NIST SCAP Validation Program by providing a consistent and repeatable revision work flow.

The following list represents the currently available versions of SCAP. The current effective version of SCAP is SCAP 1.3.

Protocol

SCAP: Security Content Automation Protocol

Version: 2.0

Status: Initial Design

Specification: TBD

Design Considerations: Transition Whitepaper

SCAP: Security Content Automation Protocol

Version: 1.3

Status: Final

Specification: NIST SP 800-126 Rev. 3

Annex: NIST SP 800-126 Rev. 3 Annex

SCAP: Security Content Automation Protocol

Version: 1.2

Status: Final

Specification: NIST SP 800-126 Rev. 2

SCAP: Security Content Automation Protocol

Version: 1.1

Status: Final

Specification: NIST SP 800-126 Rev. 1

SCAP: Security Content Automation Protocol

Version: 1.0

Status: Final

Specification: NIST SP 800-126

Content Development Tools

SCAP Content Validation Tool

Location: Content Validation Tool for SCAP 1.0 and 1.1

Location: Content Validation Tool for SCAP 1.0, 1.1, and 1.2

Enhanced SCAP Editor (eSCAPe)

Site: eSCAPe Project Site

Recommendation Tracker (RT)

Site: Recommendation Tracker Sourceforge Site

Created December 07, 2016, Updated September 30, 2025