Role of Trust in Intelligence Sharing and Automated Operations II
Facebook Twitter LinkedIn

Lessons Learned from Almost a Decade of SCAP

Combined Session
Thursday, October 10, 2019 14:30—15:30
Location: Murrow-White-Lisagor

The Security Content Automation Protocol (SCAP) provides a way to support automation of cybersecurity assessment activities in a standardized way. First published in 2011, the SCAP standards have seen significant adoption and use. However, time has also revealed numerous gaps and weaknesses in the SCAP 1.0 standards. This talk reviews lessons learned from almost 10 years of experience with the SCAP standards and briefly introduces a vision for the next generation of SCAP: SCAP 2.0.

The Security Content Automation Protocol (SCAP) is a set of standards that support automation of cybersecurity assessment activities. SCAP identifies a number of individual standards that focus on specific cybersecurity challenges and provides guidance on how these standards work together to support numerous operational use cases. SCAP 1.0 was published in April of 2011, with the most recent update (SCAP 1.3) published in February 2018.

SCAP has been, overall, a very successful effort, with dozens of compliant tools and many large organizations using SCAP as a central piece of their cybersecurity strategy. However, time has revealed a number of gaps and weaknesses in SCAP. Issues of complexity, lack of desired interoperability, and difficulty in maintaining content have repeatedly cropped up. This talk looks at the current (1.3) SCAP standards and makes some observations about what has worked and what has proved problematic. It concludes with a brief introduction to SCAP 2.0, a new revision of the SCAP framework proposed by NIST that is intended to continue the success of the SCAP program while addressing many of the weaknesses that have been seen in earlier SCAP specifications.

Key objectives:

Lessons Learned from Almost a Decade of SCAP
Presentation deck
Lessons Learned from Almost a Decade of SCAP
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Charles Schmidt
Charles Schmidt
The MITRE Corporation
Charles Schmidt is a Group Lead at the MITRE corporation, where he has worked for over 19 years in the field of cybersecurity. He has spent most of that time supporting security automation research...

Tickets

CyberNext Summit & Borderless Cyber
€700
€1000
 
All days: Oct
Two day ticket
€550
€750
 
Day 1 + Day 2
€550
€750
 
Day 2 + Day 3
€550
€750
 
Day 1 + Day 3
€550
€750
 
One day ticket
€300
€500
 
Day 1
€300
€500
 
Oct
Day 2
€300
€500
 
Oct
Day 3
€300
€500
 
Oct
CyberNext Summit & Borderless Cyber - Gov. rate
€360
 
Government rate, All days: Oct
Two day ticket - Gov. rate
€295
 
Day 1 + Day 2
€295
 
Day 2 + Day 3
€295
 
Day 1 + Day 3
€295
 
One day ticket - Gov. rate
€230
 
Day 1
€230
 
Oct
Day 2
€230
 
Oct
Day 3
€230
 
Oct
Have you participated in our events?
Contact us to get a special discount
Subscribe for updates
Please provide your email address