Role of Trust in Intelligence Sharing and Automated Operations II

  • TYPE: Combined Session
  • DATE: Thursday, October 10, 2019
  • TIME: 14:30-15:30
  • LOCATION: Murrow-White-Lisagor


The Security Content Automation Protocol (SCAP) provides a way to support automation of cybersecurity assessment activities in a standardized way. First published in 2011, the SCAP standards have seen significant adoption and use. However, time has also revealed numerous gaps and weaknesses in the SCAP 1.0 standards. This talk reviews lessons learned from almost 10 years of experience with the SCAP standards and briefly introduces a vision for the next generation of SCAP: SCAP 2.0.

The Security Content Automation Protocol (SCAP) is a set of standards that support automation of cybersecurity assessment activities. SCAP identifies a number of individual standards that focus on specific cybersecurity challenges and provides guidance on how these standards work together to support numerous operational use cases. SCAP 1.0 was published in April of 2011, with the most recent update (SCAP 1.3) published in February 2018.

SCAP has been, overall, a very successful effort, with dozens of compliant tools and many large organizations using SCAP as a central piece of their cybersecurity strategy. However, time has revealed a number of gaps and weaknesses in SCAP. Issues of complexity, lack of desired interoperability, and difficulty in maintaining content have repeatedly cropped up. This talk looks at the current (1.3) SCAP standards and makes some observations about what has worked and what has proved problematic. It concludes with a brief introduction to SCAP 2.0, a new revision of the SCAP framework proposed by NIST that is intended to continue the success of the SCAP program while addressing many of the weaknesses that have been seen in earlier SCAP specifications.

Key objectives:

  • Provide guidance useful in supporting community-driven consensus standards efforts, based on experience with the SCAP effort
  • Educate the audience on the SCAP 2.0 vision and intent


Charles Schmidt is a Group Lead at the MITRE Corporation, where he has worked for over 19 years in the field of cybersecurity. He has spent most of that time supporting security automation research and developing cybersecurity standards. He has been involved in the SCAP effort since its...


Sam Hays is the Sr. Technical Community Manager at Splunk, where he advocates the broad implementation of SOAR in both security and general workflows. Prior to joining Splunk, Sam spent 20 years in systems architecture design, implementation, and administration with a heavy...

Philip Royer is a research engineer at Splunk, where he publishes Phantom playbooks that automate investigations, mitigations, and other responses to security incidents using Splunk Phantom. He has also driven standardization of automated intelligence sharing and response actions through...


Washington, D.C. - USA


CyberNext Summit 2019

  • Oct 08 - 10, 2019 Washington, D.C. - USA