SCAP Specification Lifecycle

1. SCAP Specification Lifecycle 3.0 Deadline for Publication of Draft SCAP SP (800-126) and DTRs (IR 7511) +0 Months 5.0 Deadline for Publication of Final SCAP SP (800-126) and DTRs (IR 7511) +12 Months 2.0 Review Candidate SCAP Specifications -3 Months 6.0 SCAP Content Final +14 Months 4.0 SCAP Beta Content Available +3 Months 7.0 Laboratory Tool Validation Period Begins (DTR Effective Date) +15 Months 8.0 Laboratory Tool Validation Period Ends (DTR Expiration Date) +27 Months 9.0* Tool Validations Expire and Mandatory Content Maintenance Period Ends +39 Months 1.0 *Mandatory Content Maintenance Period Ending does not imply content expiration.

2. SCAP Documentation • COMING SOONSP800-117: Adopting and Using Security Content Automation Protocol • COMING SOONSP800-126: Security Content Automation Protocol Specification • SP800-70 Rev 1: DRAFT National Checklist Program for IT Products--Guidelines for Checklist Users and Developers • IR-7511: DRAFT Security Content Automation Protocol (SCAP) Validation Program Test Requirements • IR-7435: The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency SystemsIR-7275 Rev 3: Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4 • IR-7502: DRAFT The Common Configuration Scoring System (CCSS)