Security Content and Tools

This site contains a collection of free and publicly available software and data resources created from the sctools GitHub repository. These resources supplement and complement those available from the National Vulnerability Database.

Software

needle and thread Baseline Tailor
A web-based tool for using the Cybersecurity Framework and for tailoring Special Publication 800-53 security controls. Baseline Tailor was a 2017 Government Computer News "dig IT" award finalist.
G clef SCAP Composer
A desktop application for creating Security Content Automation Protocol (SCAP) source data stream collections from Extensible Markup Language (XML) documents valid with respect to schemas defined in SCAP component specifications.

Data and Schemas

Data XML Schema RELAX NG Schematron
Cybersecurity Framework Core core.xml core.xsd core.rnc N/A
Framework Profile Generated by
Baseline Tailor
profile.xsd profile.rnc N/A
Tailored Baseline Generated by
Baseline Tailor
tailored.xsd tailored.rnc tailored-schematron.xml
NIST Special Publication 800-53
Security Controls
Database and XML Downloads N/A N/A


PLEASE NOTE: This is an experimental website. NIST does not endorse the views expressed, or necessarily concur with the information presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain and is intended for unrestricted use by interested parties, including any text, diagrams, or images, unless indicated explicitly.

This website represents components defined in the NIST Framework for Improving Critical Infrastructure Cybersecurity and security controls and associated assessment procedures defined in NIST SP 800-53 Revision 4 Recommended Security Controls for Federal Information Systems and Organizations. For any discrepancies noted in the content between this website and the latest published NIST Cybersecurity Framework or Special Publication SP 800-53 Revision 4, please defer to the official published documents that are posted on http://csrc.nist.gov.

Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST or any other party, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. All data and other information posted on this site is provided as a public service and is provided 'AS IS.' NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY.

By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.


Privacy Policy | Security Notice | Accessibility Statement | Send feedback