Security Content Automation Protocol SCAP

The Security Content Automation Protocol (SCAP) is a suite of interoperable specifications for the standardized expression, exchange, and processing of security configuration and vulnerability information. SCAP enables consistent automation and reporting across products and environments by defining machine-readable content and associated processing requirements.

SCAP continues to be maintained through the development of SCAP 1.4, which builds upon prior releases to preserve interoperability and operational stability across established security automation use cases. Consistent with current program direction, development of SCAP 2.0 has ceased, and no additional major SCAP releases are planned. Accordingly, this site focuses on existing SCAP specifications and their maintenance under the SCAP 1.x family.

NIST welcomes community engagement directed toward improving the clarity, quality, and implementation of SCAP 1.4. Inquiries may be directed to the SCAP Team at [email protected].