Mission and Overview
NVD is the U.S. government repository of standards based
vulnerability management data. This data enables automation of vulnerability management,
security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:
Last updated: 09/15/08
CVE Publication rate:
11
vulnerabilities / day
Email List
NVD provides four mailing lists to the public. For information and subscription instructions please visit
NVD Mailing Lists
Workload Index
Vulnerability
Workload Index:
6.66
About Us
NVD is a product of the NIST Computer Security Division
and is sponsored by the Department of Homeland Security’s
National Cyber Security Division. It supports the U.S. government
multi-agency (OSD, DHS,
NSA, DISA,
and NIST) Information Security Automation Program. It is the U.S. government content
repository for the Security Content Automation Protocol (SCAP).
National Checklist Program
Formerly the (NIST Security Configuration Checklist Program)
The National Checklist Program (NCP) is the U.S. government repository of publicly available security checklists (or benchmarks)
that provide detailed low level guidance on setting the security configuration of operating systems and applications. NCP
is migrating its repository of checklists to conform to the Security Content Automation Protocol (
SCAP).
SCAP enables
standards based security tools to automatically perform configuration checking using NCP checklists.
NCP contains 161 checklists covering 142 products.
NCP Resources:
Congressional Authority for NCP
The
Cyber Security Research and Development Act of 2002
tasks the National Institute of Standards and Technology (NIST) to "develop, and revise as necessary,
a checklist setting forth settings and option selections that minimize the security risks associated with each computer
hardware or software system that is, or is likely to become widely used within the Federal Government."
Such checklists, when combined with well-developed guidance, leveraged with high-quality security expertise,
vendor product knowledge, operational experience, and accompanied with tools, can markedly reduce the vulnerability
exposure of an organization.
Federal Desktop Core Configuration settings (FDCC)
NVD contains checklists (and pointers to tools) for performing configuration checking of systems
implementing the
FDCC using the
Security Content Automation Protocol (
SCAP).
FDCC Checklists are available here (to be used with SCAP
validated tools).