404 KB | 3 files | DOC, PDF
This NIST guide explains how organizations can use standardized IT system vulnerability names (e.g., "OS software flaws" or "application security configuration issues") to support interoperability, minimize confusion regarding the problem being addressed and quickly identify remediation information when a new problem arises. It provides information and recommendations regarding two commonly used naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE).
A vulnerability naming scheme is a systematic method for creating and maintaining a standardized dictionary of common names for a set of vulnerabilities in IT systems, such as software flaws in an operating system or security configuration issues in an application. The naming scheme ensures that each vulnerability entered into the dictionary has a unique name. Using standardized vulnerability naming schemes supports interoperability. Organizations typically have many tools for system security management that reference vulnerabilities—for example, vulnerability and patch management software, vulnerability assessment tools, anti-virus software and intrusion detection systems. If these tools do not use standardized names for vulnerabilities, it may not be clear that multiple tools are referencing the same vulnerabilities in their reports, and it may take extra time and resources to resolve these discrepancies and correlate the information. This lack of interoperability can cause delays and inconsistencies in security assessment, reporting, decision-making and vulnerability remediation, as well as hamper communications both within organizations and between organizations. Use of standardized names also helps minimize confusion regarding which problem is being addressed, such as which vulnerabilities a new patch mitigates. This helps organizations to quickly identify the information they need, such as remediation information, when a new problem arises.
This publication provides information and recommendations related to two commonly used vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE), and Common Configuration Enumeration (CCE).
The attached Zip file includes: