Updated SCAP Specification Drafts Available for Public Comment


NIST Cybersecurity and Privacy Program

Dec 11, 2025, 3:08:52 PM
to brothermike...@googlegroups.com

NIST Releases Two Updated Security Content Automation Protocol (SCAP) Publications for Comment 

NIST announces the release of the initial public draft (ipd) of Special Publication (SP) 800-126r4 (Revision 4), Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.4, and SP 800-126Ar4 ipd, SCAP 1.4 Component Specification Version Updates: An Annex to NIST SP 800-126r4. These coordinated revisions build on SCAP Version 1.3, streamline requirements to emphasize current implementations, and update supporting references and URLs. NIST invites public comments on these publications until February 11, 2026, at 11:59 PM (EST). 

About SCAP

The Security Content Automation Protocol (SCAP) is a suite of interoperable specifications for the standardized expression, exchange, and processing of security configuration and vulnerability information. SCAP enables consistent automation and reporting across products and environments by defining machine-readable content and associated processing requirements.

About the Publications

  • SP 800-126r4 — Updates the SCAP technical specification to focus on SCAP Version 1.4 by removing backward compatibility requirements for earlier SCAP versions, revising digital signature requirements, and eliminating unused requirements. This revision also updates requirements regarding Open Vulnerability and Assessment Language (OVAL) references and related component specification (i.e., redirecting OVAL references to the OVAL Community GitHub). Hyperlinks and schema references are also updated to the current SCAP 1.4 resources.
  • SP 800-126Ar4 (updated annex) — Aligns the annex with SCAP Version 1.4. Informative notes and change logs are refreshed, and the document structure and normative references are revised to conform to the latest NIST templates and editorial policies.  

Submit Your Comments

The comment period is open through February 11, 2026, at 11:59 PM EST. Email comments to sc...@nist.gov.

SP 800-126r4 ipd

SP 800-126Ar4 ipd

NIST Cybersecurity and Privacy Program
Questions and comments can be directed to: sc...@nist.gov
CSRC Website questions: csrc-i...@nist.gov
