Jedná se o následující dva tituly:
- Draft Special Publication (SP) 800-126 Revision 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. SCAP consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. SP 800-126 defines and explains SCAP version 1.2, including the basics of the SCAP component specifications and their interrelationships, the characteristics of SCAP content, and the SCAP requirements not defined in the individual component specifications. Major changes from SCAP version 1.1 to 1.2 include the addition of the following components: Asset Reporting Format (ARF), Asset Identification, Common Configuration Scoring System (CCSS), and Trust Model for Security Automation Data (TMSAD), which provides support for digitally signing SCAP source and result content. SCAP 1.2 also includes new source and result data stream models, and it upgrades Open Vulnerability and Assessment Language (OVAL) support to version 5.10, Common Platform Enumeration (CPE) support to version 2.3, and Extensible Configuration Checklist Description Format (XCCDF) support to version 1.2.
- Second DRAFT Special Publication 800-56C, Recommendation for Key Derivation through Extraction-then-Expansi This second version incorporates resolutions to the comments received during the first comment period.
This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key establishment scheme defined in NIST Special Publications 800-56A or 800-56B through an extraction-then-expansion procedure. NIST is in the process of modifying SP 800-56A and SP 800-56B to include the extraction-then-expansion key derivation procedure specified in this draft Recommendation (800-56C).
