The Information Security Automation Program and The Security Content Automation Protocol

Mission and Overview

NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).

Resource Status

NVD contains:

32678	CVE Vulnerabilities
161	Checklists
151	US-CERT Alerts
2257	US-CERT Vuln Notes
2097	OVAL Queries

Last updated: 09/15/08

CVE Publication rate:

11 vulnerabilities / day

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 6.66

About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

The Information Security Automation Program and
The Security Content Automation Protocol

U.S. Government Agency Leads: NIST, OSD, DHS, NSA, and DISA

The Information Security Automation Program (ISAP) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). NVD is the U.S. government content repository for ISAP and SCAP.

SCAP Validation Program

SCAP Documents

SCAP Content

SCAP Checklists (files to automate low level security checking)
SCAP Enumeration and Mapping Data Feeds (for tool developers and integrators)

SCAP Standards: CVE, CCE, CPE, CVSS, XCCDF, OVAL

SCAP Presentations

Security Automation Conference Presentations: PowerPoint presentations from the 2007 Security Automation Conference are available here: 2007 Conference Presentations
Security Solutions 2007: Standardizing and Automating Security Operations: ISAP-SecuritySolutions-2007.ppt
National Security Agency - Central Security Service: 2007 Information Assurance Workshop (IAWS) Presentation: SCAP-02112007-IAWS.ppt
ITAA CISO Workshop: Beyond FISMA, Taking Federal Cyber Security to the Next Level: ITAA FISMA 20061102 Final2.ppt
Security Content Automation Presentation: scap-webpp-10182006.ppt
2nd Annual Security Automation Conference and Workshop: Conference Presentations

Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST Computer Security Resource Center (CSRC)

NIST is an Agency of the U.S. Commerce Department

Full vulnerability listing

The Information Security Automation Program andThe Security Content Automation Protocol

U.S. Government Agency Leads: NIST, OSD, DHS, NSA, and DISA

The Information Security Automation Program and
The Security Content Automation Protocol