CHARLESTON, S.C.— Naval Information Warfare Center (NIWC) Atlantic spearheaded a modernization of national cybersecurity standards, directly influencing the National Institute of Standards and Technology’s (NIST) latest publication of Special Publication 800-126 Revision 4.
NIWC Atlantic’s Security Content Automation Protocol (SCAP) team drove the two-year initiative to overhaul the technical specifications that govern how the Department of Defense (DOD) automates security configuration and vulnerability management.
Recognizing that existing SCAP specifications were becoming obsolete, NIWC Atlantic SCAP team lead Jack Vander Pol aggressively pushed for modernization, initiating a series of strategic summits with NIST representatives. Vander Pol further cemented NIWC Atlantic’s leadership in the field by assuming the chairmanship of the Open Vulnerability and Assessment Language (OVAL) Board, a body of government and commercial software experts that manages the core of SCAP automation.
Under this new leadership, the team delivered several high-impact versions of OVAL that dramatically expanded automation capabilities. These advancements, integrated into NIWC Atlantic’s SCAP Compliance Checker (SCC) and the new SCAP 1.4 benchmarks, have already yielded a 25% increase (view benchmark stats link below) in automated configuration checks for Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).
Beyond standard setting, NIWC Atlantic engineers provided critical technical solutions to support the new protocol. To simplify the signing and verification of SCAP data, the team engineered new XML digital signature methods and developed an open-source script that allows users to digitally sign XML files using a standard smart card.
The NIWC Atlantic SCAP team is now focused on lowering the barrier to entry for the private sector. By developing low-cost, open-source SCAP 1.4 compliance self-assertion methods, NIWC Atlantic aims to expand the marketplace for SCAP-based scanners, ensuring mission-critical networks remain interoperable and secure.
This effort was made possible through funding and support from the U.S. Space Force Space Systems Command and DISA.
For More Information
Technical Specification for the Security Content Automation Protocol (SCAP) SCAP Version 1.4
NIWC Atlantic SCAP Compliance Checker
NIWC Atlantic SCAP Content Repository
NIWC Atlantic SCAP Benchmark Stat: https://github.com.mcas-gov.us/niwc-atlantic/scap-content-library/blob/main/benchmark_stats.md
About NIWC Atlantic
Naval Information Warfare Center (NIWC) Atlantic, formally known as SPAWAR, provides systems engineering and acquisition to deliver information warfare capabilities to the naval, joint and national warfighter through the acquisition, development, integration, production, test, deployment, and sustainment of interoperable command, control, communications, computer, intelligence, surveillance, and reconnaissance.
| Date Taken: | 06.16.2026 |
| Date Posted: | 06.16.2026 11:06 |
| Story ID: | 567897 |
| Location: | CHARLESTON, SOUTH CAROLINA, US |
| Web Views: | 109 |
| Downloads: | 0 |
This work, NIWC Atlantic Overhauls National SCAP Standards to Secure Defense Networks, by John O'Neill, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.
