An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

NIWC Atlantic Overhauls National SCAP Standards to Secure Defense Networks

18 June 2026

From John O'Neill, NIWC Atlantic Public Affairs Office

Naval Information Warfare Center (NIWC) Atlantic spearheaded a two-year initiative to modernize national cybersecurity standards, directly shaping NIST’s Special Publication 800-126 Revision 4. Led by Jack Vander Pol, the team enhanced automation capabilities, increased DISA STIG compliance checks by 25%, and developed open-source tools to secure mission-critical networks.
Download Icon Download

CHARLESTON, S.C.— Naval Information Warfare Center (NIWC) Atlantic spearheaded a modernization of national cybersecurity standards, directly influencing the National Institute of Standards and Technology’s (NIST) latest publication of Special Publication 800-126 Revision 4.

NIWC Atlantic’s Security Content Automation Protocol (SCAP) team drove the two-year initiative to overhaul the technical specifications that govern how the Department of Defense (DOD) automates security configuration and vulnerability management.

Recognizing that existing SCAP specifications were becoming obsolete, NIWC Atlantic SCAP team lead Jack Vander Pol aggressively pushed for modernization, initiating a series of strategic summits with NIST representatives. Vander Pol further cemented NIWC Atlantic’s leadership in the field by assuming the chairmanship of the Open Vulnerability and Assessment Language (OVAL) Board, a body of government and commercial software experts that manages the core of SCAP automation.

Under this new leadership, the team delivered several high-impact versions of OVAL that dramatically expanded automation capabilities. These advancements, integrated into NIWC Atlantic’s SCAP Compliance Checker (SCC) and the new SCAP 1.4 benchmarks, have already yielded a 25% increase in automated configuration checks for Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).

Beyond standard setting, NIWC Atlantic engineers provided critical technical solutions to support the new protocol. To simplify the signing and verification of SCAP data, the team engineered new XML digital signature methods and developed an open-source script that allows users to digitally sign XML files using a standard smart card.

The NIWC Atlantic SCAP team is now focused on lowering the barrier to entry for the private sector. By developing low-cost, open-source SCAP 1.4 compliance self-assertion methods, NIWC Atlantic aims to expand the marketplace for SCAP-based scanners, ensuring mission-critical networks remain interoperable and secure.

This effort was made possible through funding and support from the U.S. Space Force Space Systems Command and DISA.

For More Information

Site Map
FOIA
Navy.com
Plain Writing
No Fear Act
USA.gov
508 Compliance
Privacy Policy
Veterans Crisis Line
Information Quality
Open Government
Guidance-Card-Icon Dept-Exclusive-Card-Icon