Security Content Automation Protocol (SCAP) Validation Testing


The COACT Lab is a third party independent testing facility accredited by the National Voluntary Laboratory Accreditation Program (NVLAP Lab Code 200416-0) to perform SCAP 1.2 and SCAP 1.3 compliance testing. The SCAP compliance testing program is sponsored by the management of the National Institute of Standards and Technology (NIST). The COACT lab conducts specific tests that are contained in the SCAP Validation Program Derived Test Requirements Document (NIST 7511), on SCAP products and delivers the results to NIST. The SCAP Validation Program will validate the SCAP product under test based on those results.

For FAQ’s covering the SCAP validation program, we recommend that you visit the Official SCAP FAQ page. Please feel free to use to contact form below if you have any questions on your validation needs.


COACT is accredited to provide full SCAP 1.2 and SCAP 1.3 compliance testing on the following SCAP Capabilities:

Authenticated Configuration Scanner

  • CVE Option (optional CVE support may be combined with ACS)
  • OCIL Option (optional OCIL support may be combined with ACS)

COACT lab personnel have extensive knowledge on the following SCAP related standards:

  • AI: Asset Identification
  • ARF: Asset Reporting Format
  • CCE: Common Configuration Enumeration
  • CCSS: Common Configuration Scoring System
  • CPE: Common Platform Enumeration
  • CVE: Common Vulnerabilities and Exposures
  • CVSS: Common Vulnerability Scoring System
  • OVAL: Open Vulnerability and Assessment Language
  • OCIL: Open Checklist Interactive Language
  • XCCDF: Extensible Configuration Checklist Description Format
  • TMSAD: Trust Model for Security Automation Data
  • SWID: Software Identification Tags

The COACT SCAP Lab is configured to conduct SCAP testing on the following platforms:

SCAP 1.2 Platforms:

Microsoft Windows:

  • Microsoft Windows XP Professional
  • Microsoft Windows Vista
  • Microsoft Windows 7, 32 and 64-bit
  • Microsoft Windows 8.1, 32 and 64-bit
  •  Microsoft Windows 10, 32 and 64-bit
  • Microsoft Windows Server 2012 R2, 64-bit

Red Hat Enterprise Linux (RHEL):

  • RHEL 5, 32 and 64-bit
  • RHEL 6, 32 and 64-bit
  • RHEL 7, 64-bit 

Apple Mac OS:

  • Apple Mac OS 10.11 (OS X El Capitan)

SCAP 1.3 Platforms:

Microsoft Windows:

  • Microsoft Windows Vista
  • Microsoft Windows 7, 32 and 64-bit
  • Microsoft Windows 8.1, 32 and 64-bit
  • Microsoft Windows 10, 32 and 64-bit
  • Microsoft Windows Server 2012 R2, 64-bit

Red Hat Enterprise Linux (RHEL):

  • RHEL 6, 32 and 64-bit
  • RHEL 7, 64-bit

Apple Mac OS:

  • Apple Mac OS 10.11 (OS X El Capitan)

Our Validation Effort

Documentation Review

COACT reviews all related SCAP documentation to ensure your complaint with all SCAP 1.2 and 1.3 standards.

SCAP Testing

Our virtual environment is already configured to specification for the most up-to-date version of the SCAP validation content.

Any findings that are discovered throughout the SCAP validation process are logged and tracked using a Tester Observation Report (TOR) which enables COACT validators to identify deviations from expected results and provide an accurate point-in-time view of the validation process.

Report write-up and Submission

We have a great track record for submitting flawless validation reports which provides a quick turnaround to be certified and listed on the SCAP validated products list.


Click here for a list of SCAP validations performed by COACT, Inc.