This is a potential security issue, you are being redirected to https://csrc.nist.gov.
You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.
The SCAP community is a public/private partnership consisting of interested parties from industry, research and educational institutions, and government that are working to advance automation and standardization of technical security operations. Involvement in SCAP extends to email-based discussion lists, conferences, and various technical working groups sponsored by a variety of organizations.
SCAP Discussion List (View and Subscribe)
The SCAP team at NIST maintains a moderated discussion list that users can post to, regarding the Security Content Automation Protocol (SCAP). This is the primary discussion list for on-going development of SCAP v2.This list is moderate in volume.
Asset Specifications Development List (Subscribe) (Unsubscribe)
The SCAP team at NIST maintains a mailing list for discussions about specifications focused on assets. This list is the primarily used by the Asset Working Group.
OCIL Discussion List (Subscribe) (Unsubscribe)
The SCAP team at NIST maintains a mailing list for discussion about the development of OCIL.
SCAP Announcements List (Subscribe) (Unsubscribe)
The SCAP team at NIST maintains a mailing list for sending out announcements regarding SCAP, the National Checklist Program (NCP), and the SCAP Validation Program. The list is extremely low volume and subscribers should expect to receive only a few emails a year. We appreciate the opportunity to keep you updated on recent developments..
SCAP Content Discussion List (Subscribe) (Unsubscribe)
This list is low in volume.
Emerging Specifications Discussion List (Subscribe) (Unsubscribe)
The SCAP team at NIST maintains a moderated technical discussion list used to develop and review emerging security automation standards. This list is moderate in volume.
Communities also exist with email discussion lists for current SCAP and emerging specifications.
Vulnerability Reporting Discussion and Exchange (Subscribe) Note: This list is not managed by NIST
This non-NIST mailing list is a follow-up from some of the discussions that occurred during the "Future of Global Vulnerability Reporting" track at the 7th Annual IT Security Automation Conference. The list is intended to facilitate the discussion of how to exchange information pertaining to vulnerabilities.
SCAP Inquiries
[email protected]
Security and Privacy: configuration management, patch management, security automation, security measurement, vulnerability management
Release Cycle SCAP Content SCAP Releases SCAP 1.3 SCAP 1.2 SCAP 1.1 SCAP 1.0 SCAP Specifications Asset Identification Asset Reporting Format (ARF) Common Configuration Enumeration (CCE) Common Platform Enumeration (CPE) Applicability Language Dictionary Name Matching Naming Open Vulnerability Assessment Language (OVAL) Open Checklist Interactive Language (OCIL) Trust Model for Security Automation Data (TMSAD) Extensible Configuration Checklist Description Format (XCCDF) Software Identification (SWID) SCAP Community
SCAP Inquiries
[email protected]
Security and Privacy: configuration management, patch management, security automation, security measurement, vulnerability management