| CARVIEW |
This is a potential security issue, you are being redirected to https://csrc.nist.gov.
An official website of the United States government
Here’s how you know
Official websites use .gov
A
.gov website belongs to an official government
organization in the United States.
Secure .gov websites use HTTPS
A
lock (
) or https:// means you’ve safely connected to
the .gov website. Share sensitive information only on official,
secure websites.
Security Content Automation Protocol Validation Program SCAPVP
Project Links
Overview
End-of-Life Announcement: NIST SCAP Validation Program
The National Institute of Standards and Technology (NIST) announces the phased conclusion of the Security Content Automation Protocol (SCAP) Validation Program.
Since its inception in 2009, the SCAP Validation Program has played a crucial role in advancing standardized security automation and vulnerability management. Managed through the National Voluntary Laboratory Accreditation Program (NVLAP), the program enabled independent laboratories to test and validate products against SCAP standards, helping organizations worldwide strengthen their security posture.
Key Dates and Changes:
- Effective Immediately: NVLAP will no longer accept new applications for SCAP accreditation or process renewals for SCAP scope. No new or renewal assessments will be conducted. (See NIST Lab Bulletin LB-160-2025)
- Test Reports: NVLAP will continue to accept SCAP Validation Test reports from accredited laboratories until 12:00 AM (midnight) on September 2, 2024 EDT. Reports with major flaws that require re-testing will not be accepted for validation.
This transition marks the end of an era for NIST SCAP Validation Program, reflecting the field’s growth and changing needs in security automation. NIST is committed to transparency throughout this process and will share additional information about SCAP Validation Test Reports on the NIST SCAP website.
If you have questions about these changes, the NVLAP Security Testing, or SCAP Validation Test Reports, please contact us at: [email protected].
We thank all participating laboratories, vendors, and stakeholders for their dedication to SCAP and their ongoing commitment to advancing cybersecurity over the past decade.
SCAP Validation Program Overview
The SCAP Validation Program is designed to test the ability of products to use the features and functionality available through SCAP and its component standards.
Under the SCAP Validation Program, independent laboratories are accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP). Accreditation requirements are defined in NIST Handbook 150, and NIST Handbook 150-17. Independent laboratories conduct the tests contained in the SCAP Validation Program Derived Test Requirements Document, on information technology (IT) security products and deliver the results to NIST. Based on the independent laboratory test report, the SCAP Validation Program then validates the product under test based on the independent laboratory test report. The validations awarded to vendor products will be publicly posted on the SCAP Validated Products and Modules web page.
SCAP validation will focus on evaluating specific versions of vendor products based on the platforms they support. Validations will be awarded on a platform-by-platform basis for the version of the product that was tested. Currently, products may seek validations on Red Hat Linux, Microsoft Windows and Apple Mac OS platforms.
Project Links
Additional Pages
Contacts
SCAP Validation Inquiries
[email protected]
Topics
Security and Privacy: continuous monitoring, patch management, security automation, testing & validation, vulnerability management
Additional Pages
SCAP 1.3 Validation SCAP 1.2 Validation SCAP Validated Products and Modules 148 HCL SCAP 1.3 Product Validation Record 147 SCC SCAP 1.3 Product Validation Record 146 BMC SCAP 1.3 Product Validation Record 145 McAfee SCAP 1.3 Product Validation Record 144 JOVAL6 SCAP 1.3 Product Validation Record SCAP Validation Resources SCAP Accredited Laboratories
Contacts
SCAP Validation Inquiries
[email protected]
Topics
Security and Privacy: continuous monitoring, patch management, security automation, testing & validation, vulnerability management