|
1.
|
Clear description of the referenced document:
|
|
|
|
Name:
|
NIST SP 800-126v3 (2018)
|
|
Title:
|
The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3
|
|
|
2.
|
Status of approval:
|
|
|
Approved
|
|
3.
|
Justification for the specific reference:
|
|
|
This recommendation utilizes CPEs as defined in this reference.
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
None
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
NIST SP 800-126 v3 was published by NIST in 2018.
The Security Content Automation Protocol (SCAP) is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. This publication, along with its annex (NIST Special Publication 800-126A) and a set of schemas, collectively define the technical composition of SCAP version 1.3 in terms of its component specifications, their interrelationships and interoperation, and the requirements for SCAP content.
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
NIST SP 800-126 v3 was published by NIST in 2018.
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
[AI] Asset Identification https://doi.org/10.6028/NIST.IR.7693/
[ARF] ARF https://doi.org/10.6028/NIST.IR.7694/
[CCE] CCE https://nvd.nist.gov/config/cce//
[CCSS] CCSS https://doi.org/10.6028/NIST.IR.7502/
[CPE] CPE See [CPE-D], [CPE-L], [CPE-M], and [CPE-N]/
[CPE-D] CPE Dictionary https://doi.org/10.6028/NIST.IR.7697/
[CPE-L] CPE Applicability Language https://doi.org/10.6028/NIST.IR.7698/
[CPE-M] CPE Name Matching https://doi.org/10.6028/NIST.IR.7696/
[CPE-N] CPE Naming https://doi.org/10.6028/NIST.IR.7695/
[CVE] CVE https://cve.mitre.org//
[CVSS] CVSS https://www.first.org/cvss/cvss-v30-specification-v1.7.pdf/
[DCES] Dublin Core metadata/
version 1.1/
http://dublincore.org/documents/2012/06/14/dces//
[DSIG] DSIG https://www.w3.org/TR/xmldsig-core//
[OCIL] OCIL https://doi.org/10.6028/NIST.IR.7692/
[OVAL] OVAL https://oval.cisecurity.org/
[RFC2119] RFC 2119 https://doi.org/10.17487/RFC2119/
[RFC3986] RFC 3986 https://doi.org/10.17487/RFC3986/
[SCHEMATRON] ISO/IEC 19757-3:2016 http://schematron.com/2016/11/iso-schematron-2016-/
released//
[SP800-126A] NIST SP 800-126A https://doi.org/10.6028/NIST.SP.800-126A/
[SWID] ISO/IEC 19770-2:2015 http://www.iso.org/iso/catalogue_detail.htm?csnumber=65666/
[SWID-CYBER] NISTIR 8060 https://doi.org/10.6028/NIST.IR.8060/
[TMSAD] TMSAD https://doi.org/10.6028/NIST.IR.7802/
[XCCDF] XCCDF https://csrc.nist.gov/CSRC/media/Publications/nistir/7275/rev4/final/documents/nistir-7275r4_updated-march2012_clean.pdf/
[XINCLUDE] XInclude specification https://www.w3.org/TR/2006/REC-xinclude-20061115//
[XLINK] XLink specification https://www.w3.org/TR/2001/REC-xlink-20010627//
[XMLCAT] XML Catalog specification https://www.oasisopen.org/committees/download.php/14809/xml-catalogs.html/
[XMLS] W3C XML Schema https://www.w3.org/TR/2004/REC-xmlschema-1-20041028/,/
https://www.w3.org/TR/2004/REC-xmlschema-2-20041028/
|
|
9.
|
Qualification of
NIST:
|
|
|
Qualification of NIST: NIST is recognized under the provisions of ITU-T Recommendation A.5. Qualifying information is on file in TSB.
|
|
10.
|
Other (for any supplementary information):
|
|
|
|
