Vulnerabilities Checklists Product Dictionary Impact Metrics Data Feeds Statistics
Home ISAP/SCAP SCAP Validated Tools SCAP Events About Contact Vendor Comments
Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status

NVD contains:

32678 CVE Vulnerabilities
161Checklists
151 US-CERT Alerts
2257 US-CERT Vuln Notes
2097OVAL Queries

Last updated:  09/15/08

CVE Publication rate:

11 vulnerabilities / day
Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 6.66
About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

Information Security Automation Program Events

4th Annual IT Security Automation Conference
Date: September 23rd and 24th, 2008
Information: Conference Agenda
Conference Flyer coming soon
Cost: $95 - Vendors are welcome and encouraged to set up
displays.
Location:

NIST Red Auditorium

Administration Building/ Bldg. 101
100 Bureau Dr.
Gaithersburg, MD 20899
Conference Home Page: http://nvd.nist.gov/scapconf2008.cfm
Registration Home Page: http://www.nist.gov/public_affairs/confpage/080923.htm
SCAP Working Group and Workshops
Date: September 22nd and 25th, 2008
Information: Agenda coming soon.
Cost: No Charge
Location:

NIST

100 Bureau Dr.
Gaithersburg, MD 20899
Workshop Home Page: http://nvd.nist.gov/scapconf2008.cfm
I4
Date: July 14, 2008
Location: Switzerland
Federal Computer Security Program Managers Forum Offsite
Date: June 04, 2008
Information: NIST Meeting Information
Location: Bethesda North Marriott Hotel and Conference Center
5701 Marinelli Road
North Bethesda MD 20852
White Flint Metro Stop
17th Annual WEDI National Conference -
Improving Healthcare Through Data Exchange
Date: May 21, 2008
Information: WEDI National Conference Home Page

NIST has been requested to present on the soon-to-be-released-public-draft-revision of NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and the Security Content Automation Protocol (SCAP).
Location: Baltimore, MD
NATO IA Security Conference
Date: April 22, 2008
Location: Shades of Green hotel
Orlando, FL
IT Security Entrepreneurs' Forum
Date: March 11, 2008
Presentor(s): Stephen Quinn - NIST
Information: Entrepreneurs' Forum Home Page
Entrepreneurs' Forum Agenda
Location: Frances C. Arrillaga Alumni Center
326 Galvez Street
Stanford, CA 94305-6105
American Council for Technology (ACT) Industry Advisory Council (IAC),
Federal Desktop Core Configuration Panel
Date: March 06, 2008
Location: Capitol Hill, DC
SecureGOV Symposium
Date: March 10 - 11, 2008
Presentor(s): Matt Barrett - NIST
Information: SecureGOV Symposium
Location: The Williamsburg, VA
Red Team/Blue Team Symposium
Date: February 26 - 29, 2008
Presentor(s): Tim Grance - NIST, Stephen Quinn - NIST
Information: Red Team/Blue Team Symposium
Location: Johns Hopkins University Applied Physics Lab (Kossiakoff Center)
11100 Johns Hopkins Road
Laurel, MD 20723-6099
Federal Desktop Core Configuration Implementers Workshop
Date: January 24, 2008
Time: 9:00am - 5:00pm
Cost: Free
Information: Workshop Presentations
Workshop Agenda
Location:

NIST Red Auditorium

Administration Building/ Bldg. 101
100 Bureau Dr.
Gaithersburg, MD 20899
SECAF Executive Briefing: Opportunities with NIST
Date: January 23, 2008
Start Time: 7:45AM
Information: Event Summary
Presentation
Location:

The Tower Club Tysons Corner

8000 Towers Crescent Drive
Suite 1700
Vienna, VA 22182
HIPAA Security Rule Implementation and Assurance Workshop
Date: January 16, 2008
Information: Registration Page
Presentation
Location:

NIST Red Auditorium

Administration Building/ Bldg. 101
100 Bureau Dr.
Gaithersburg, MD 20899
Privacy Challenges in Government Workshop IV
Date: November 27, 2007
Time: 7:30AM-5:00PM
Location: Willard Intercontinental Hotel
More Information: http://www.potomacforum.org/
http://www.potomacforum.org/?view=211
Presentation: NIST Update: Guidance on Stanard Configuration
and Implication for Agency Privacy Challanges
ITAA Breakfast Forum on the Federal Desktop Core Configuration
Date: November 2, 2007
Time: 8:00AM-10:00AM
Location: Marriott Tysons Corner, 8028 Leesburg Pike, Vienna, VA 22182
Presentation: Federal Desktop Core Configuration
3rd Annual IT Security Automation Conference
Date: September 19th and 20th, 2007
Information: Conference Flyer     Conference Agenda
Cost: $175 - Vendors are welcome and encouraged to set up
displays.
Location:

NIST Red Auditorium

Administration Building/ Bldg. 101
100 Bureau Dr.
Gaithersburg, MD 20899
More Information:

The 3rd Annual IT Security Automation Conference featured more than 15 vendor displays and attracted over 700 attendees. We would like to thank all participants that helped to make this years conference a real success.

Presentations:

Please see the Conference Presentations page for the full list of conference presentations.
Registration Home Page: http://www.nist.gov/public_affairs/confpage/070919.htm 
SCAP Working Group and Workshops
Date: September 17th, 18th and 21st, 2007
Information: Registration Instructions and Workshop Agendas
Cost: No Charge
Location:

NIST

100 Bureau Dr.
Gaithersburg, MD 20899
Federal Computer Security Manager's Forum Annual Offsite
Date: August 7-8, 2007
Time: 8:00AM-4:00PM
Location: Marriott Conference Center 5701 Marinelli Road, North Bethesda, MD 20851
Presentation 1: Ensuring Secure Computer Configurations within the Federal Government using the Security Content Automation Protocol
Presentation 2: FDCC Windows Vista Baseline
Office of Management and Budget Technical Exchange - Federal Desktop Core Configuration
Date: August 1, 2007
Time: 8:00AM-4:00PM
Location: Ronald Reagan International Trade Center 1300 Pennsylvania Ave, NW Washington, DC 20004
Presentation: FDCC and the Security Content Automation Protocol
Potomac Forum, Ltd. - A Secure Standard Desktop Configuration for Government – Meeting the OMB Mandate
Date: May 24, 2007
Time: 8:45 AM
Location: Willard InterContinental Washington
1401 Pennsylvania Avenue NW
Washington DC 20004
More Information: http://www.potomacforum.org/
http://www.potomacforum.org/?view=196
Presentation: Standard Configurations: What Agencies Need to Know
Defense Network Centric Operations 2007 - Information Assurance Symposium
Date: June 11, 2007
Time: TBD
Location: Hilton Alexandria Mark Center
5000 Seminary Road
Alexandria, VA 22311
More Information: http://www.wbresearch.com/DNCO/
Security Solutions 2007 - Automating Vulnerability Management Through SCAP
Date: April 4th, 2007
Time: 11:30 am - 12:15 pm
Location: Tampa Marriott Waterside Hotel and Marina
700 South Florida Avenue
Tampa, Florida 33602
More Information: https://securitysolutions.telos.com//default.cfm
800-708-3567
Presentation: Standardizing and Automating Security Operations
National Security Agency - Central Security Service: 2007 Information Assurance Workshop (IAWS)
Date: February 12 - 16, 2007
Location: Wyndham Orlando Resort
8001 International Drive
Orlando, FL 32819
More Information: http://www.nsa.gov/ia/events/conferences/index.cfm?ConferenceID=41
Presentation: SCAP-02112007-IAWS.ppt
RSA Conference (Tutorial Session) - Automated Security Content Provisioning for Vulnerability and Configuration Assessment, Compliance, and Remediation. NIST Security Content Automation, Checklist Program, and NVD.
Date: Monday, February 5, 2007
Time: 1:45 pm - 3:30 pm
Location: San Francisco, CA.
More Information: http://www.rsaconference.com/2007/US/
Twenty-Second Annual Computer Security Applications Conference (ACSAC) (Workshop) - Host Based Security Assessment: Standards to Implementations
Date: December 11th, 2006
Time: 8:30 am - 4:30 pm
Location: Miami Beach Resort and Spa, Miami Beach, FL
More Information: http://www.acsac.org/2006/advance_program.html
Harvey Rubinovitz, (781)-271-3076 or hhr@mitre.org
ITAA's CISO Workshop "Information Security in the Federal Enterprise"
Date: November 2nd, 2006
Time: 8:00 am - 7:00 pm
Location: CSC EBC- 3170
Fairview Park Dr.
Falls Church, VA
More Information: http://www.itaa.org/events/event.cfm?EventID=1646
Patti Coen at pcoen@itaa.org
Presentation: ITAA FISMA 20061102 Final2.ppt
Red Team Blue Team (ReBl) Symposium - Making Sense of Vulnerabilities
Date: 10/30/06 - 11/02/06
Time: TBD
Location: Johns Hopkins University Applied Physics Lab (APL)
1100 Johns Hopkins Road
Laurel, Maryland 20723
More Information: http://www.nsa.gov/ia/events
USDA OCIO - Fiscal Year 2007 - Opening Meeting for Best Practices and Lessons Learned.
Date: Thursday, October 26, 2006
Time: 1:00 pm - 3:00 p.m.
Location: OCIO Conference Room, S-107, South Building
More Information: LaTonya Finch at 202-205-7734 or latonya.finch@usda.gov
FIAC - Automating FISMA Technical Control Compliance Using Standards
Date: October, 24th 2006
Time: TBD
Location: University of Maryland College Park Inn and Conference Center
More Information: http://www.fbcinc.com/fiac/
If you or your organization is presenting on SCAP, XCCDF, or OVAL; we would like the opportunity to post your presentation here. Please contact us at scap-update@nist.gov to do this.




Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST Computer Security Resource Center (CSRC)

NIST is an Agency of the U.S. Commerce Department

Full vulnerability listing