Date Published: February 2011
Supersedes:
SP 800-51 (09/01/2002)
Author(s)
David Waltermire (NIST), Karen Scarfone (G2)
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recommendations for end-user organizations on using their names. The publication also presents recommendations for software and service vendors on how they should use vulnerability names and naming schemes in their product and service offerings.
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recommendations for end-user organizations on using...
See full abstract
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recommendations for end-user organizations on using their names. The publication also presents recommendations for software and service vendors on how they should use vulnerability names and naming schemes in their product and service offerings.
Hide full abstract
Keywords
CCE; Common Configuration Enumeration; Common Vulnerabilities and Exposures; CVE; SCAP; security automation; security configuration; Security Content Automation Protocol; vulnerabilities; vulnerability naming
Control Families
Audit and Accountability; Configuration Management; Incident Response; Risk Assessment; System and Services Acquisition
