Draft NIST interagency Report 7298 Revision 1, Glossary of Key Information Security Terms This glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009). The terms included are not all inclusive of terms found in the NIST publications, but do include most of the terms in those publications. The glossary does contain all of the terms and definitions from CNSSI-4009. The purpose of this glossary is to provide a central resource of definitions most commonly used in NIST information security publications and in CNSS information assurance publications.
Special Publication (SP) 800-126 Revision 1, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.1. SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. SP 800-126 defines and explains SCAP version 1.1, including the basics of the SCAP component specifications and their interrelationships, the characteristics of SCAP content, and the SCAP requirements not defined in the individual component specifications. Major changes from SCAP version 1.0 to 1.1 include the addition of Open Checklist Interactive Language (OCIL) and an upgrade to Open Vulnerability and Assessment Language (OVAL) version 5.6.