National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

Event Management Automation Protocol (EMAP)

The Event Management Automation Protocol (EMAP) is a suite of interoperable specifications designed to standardize the communication of event management data. EMAP is an emerging protocol within the NIST Security Automation Program, and is a peer to similar automation protocols such as the Security Content Automation Protocol (SCAP). Where SCAP standardizes the data models of configuration and vulnerability management domains, EMAP will focus on standardizing the data models relating to event and audit management. At a high-level, the goal of EMAP is to enable standardized content, representation, exchange, correlation, searching, storing, prioritization, and auditing of event records within an organizational IT environment.

Community involvement is critical to the success of the EMAP initiative, because input from the security automation community will ensure the broadest possible range of use cases is reflected in EMAP functionality. This Web site is provided to support continued community involvement. This site will be updated regularly and will serve as the primary resource for finding EMAP related materials. You are invited to participate, whether monitoring community dialog or leading more substantive activities like specification authorship.

EMAP Resources

News:
07/21/2011 - The EMAP team needs your low-level use cases
Subscribe via RSS
Documents:
08/31/2011 - Presentations from the first EMAP Developer Days
06/06/2011 - Draft EMAP Use Cases and Requirements (PDF)
Mailing Lists:
EMAP Discussion List (Subscribe) (Unsubscribe)
The EMAP team at NIST maintains a moderated discussion list that users can post to, regarding the Event Management Automation Protocol (EMAP). This list is moderate in volume.