National Institute of Standards and Technology (NIST) - Information technology Laboratory (ITL)

SCAP Specifications

The following specifications comprise SCAP version 1.0:

Protocol

SCAP: Security Content Automation Protocol
Version: 1.0
Specification: DRAFT NIST SP 800-126

Languages

XCCDF: The eXtensible Configuration Checklist Description Format
Version: 1.1.4
Specification: NIST IR 7275 revision 3
Web site: http://scap.nist.gov/specifications/xccdf/
Email Discussion List: xccdf-dev@nist.gov (View archive) (Subscribe) (Unsubscribe)
OVAL®: Open Vulnerability and Assessment Language
Version: 5.3
Web site: http://oval.mitre.org/
Developer's Forum: OVAL-DEVELOPER-LIST@LISTS.MITRE.ORG (View archive) (Register)

Enumerations

CCE™: Common Configuration Enumeration
Version: 5
Web site: http://cce.mitre.org/
Contact Email: cce@mitre.org
Official CCE List: http://cce.mitre.org/lists/cce_list.html#current
CPE™: Common Platform Enumeration
Version: 2.2
Specification: CPE Specification 2.2
Web site: http://cpe.mitre.org/
Official Dictionary: http://nvd.nist.gov/cpe.cfm
Community Forum: CPE-DISCUSSION-LIST@LISTS.MITRE.ORG (View archive) (Register)
CVE®: Common Vulnerabilities and Exposures
Version: No version
Web site: http://cve.mitre.org/
Contact Email: cve@mitre.org
Official CVE List: http://cve.mitre.org/cve/index.html
NVD CVE-based Vulnerabilities: http://web.nvd.nist.gov/view/vuln/search

Metrics

CVSS: Common Vulnerability Scoring System
Version: 2
Specification: NIST IR 7435
Web site: http://www.first.org/cvss/