Guide to Using Vulnerability Naming Schemes

404 KB | 3 files |  DOC, PDF

This NIST guide explains how organizations can use standardized IT system vulnerability names (e.g., "OS software flaws" or "application security configuration issues") to support interoperability, minimize confusion regarding the problem being addressed and quickly identify remediation information when a new problem arises. It provides information and recommendations regarding two commonly used naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE).

A vulnerability naming scheme is a systematic method for creating and maintaining a standardized dictionary of common names for a set of vulnerabilities in IT systems, such as software flaws in an operating system or security configuration issues in an application. The naming scheme ensures that each vulnerability entered into the dictionary has a unique name. Using standardized vulnerability naming schemes supports interoperability. Organizations typically have many tools for system security management that reference vulnerabilities—for example, vulnerability and patch management software, vulnerability assessment tools, anti-virus software and intrusion detection systems. If these tools do not use standardized names for vulnerabilities, it may not be clear that multiple tools are referencing the same vulnerabilities in their reports, and it may take extra time and resources to resolve these discrepancies and correlate the information. This lack of interoperability can cause delays and inconsistencies in security assessment, reporting, decision-making and vulnerability remediation, as well as hamper communications both within organizations and between organizations. Use of standardized names also helps minimize confusion regarding which problem is being addressed, such as which vulnerabilities a new patch mitigates. This helps organizations to quickly identify the information they need, such as remediation information, when a new problem arises.

This publication provides information and recommendations related to two commonly used vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE), and Common Configuration Enumeration (CCE).

The attached Zip file includes:

  • Intro Page.doc
  • Cover Sheet and Terms.pdf
  • Guide to Using Vulnerability Naming Schemes.pdf

This Download is provided by:

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.
