We use proprietary and third party's cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
NVD - FIWARE Forge Wiki

NVD

From FIWARE Forge Wiki

Jump to: navigation, search

Contents

Brief Description

NVD (National Vulnera bility Database)is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.

NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. Fortunately, the NVD classifies the effect of a vulnerability in two dimensions: exploitable range and consequences.

• exploitable range: local, remote

• consequence: confidentiality loss, integrity loss,denial of service, and privilege escalation

Programming artefacts

NVD contains content (and pointers to tools) for performing configuration checking of systems implementing the FDCC(Federal Desktop Core Configuration) using the Security Content Automation Protocol (SCAP).

A SCAP vulnerability database is a product that contains a catalog of security related software flaw issues labeled with CVEs where applicable. This data is made accessible to users through a search capability or data feed and contains descriptions of software flaws, references to additional information (e.g., links to patches or vulnerability advisories), and impact scores..

Technologies Used

SCAP Security Content Automation Protocol version 1.0, Specification NIST SP800-126

Runtime pre-requisites

Vulnerability Search Engine (CVE software flaws and CCE misconfigurations)

SCAP Data Feeds (CVE, CCE, CPE, CVSS, XCCDF, OVAL)

IPR

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

publicly available

NVD: http://nvd.nist.gov/

FDCC: http://nvd.nist.gov/fdcc/index.cfm

FDCC Checklist: http://web.nvd.nist.gov/view/ncp/repository

Personal tools
Create a book