Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Source(s):
FIPS 200 under VULNERABILITY from CNSSI 4009 - Adapted
NIST SP 800-128 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-137 under Vulnerability from CNSSI 4009
NIST SP 800-161 under Vulnerability from NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, FIPS 200
NIST SP 800-18 Rev. 1 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-37 Rev. 1 under Vulnerability from CNSSI 4009
NIST SP 800-53 Rev. 4 under Vulnerability from CNSSI 4009
NIST SP 800-53A Rev. 4 under Vulnerability from CNSSI 4009
NIST SP 800-60 Vol. 1 Rev. 1 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-60 Vol. 2 Rev. 1 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-82 Rev. 2 under Vulnerability from NIST SP 800-53
NIST SP 1800-25B under Vulnerability from FIPS 200, CNSSI 4009-2015 - Adapted
NIST SP 1800-26B under Vulnerability from FIPS 200, CNSSI 4009-2015 - Adapted
NIST SP 1800-27B under Vulnerability from FIPS 200
NIST SP 1800-15B under Vulnerability from NIST SP 800-37 Rev. 2
NIST SP 1800-15C under Vulnerability from NIST SP 800-37 Rev. 2
NIST SP 800-53 Rev. 5 from NIST SP 800-30 Rev. 1
NISTIR 7621 Rev. 1 under Vulnerability from NIST SP 800-53 Rev. 4
NISTIR 7622 under Vulnerability from FIPS 200, NIST SP 800-115, NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-60

  Weakness in a system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat.
Source(s):
NIST SP 1800-17b under Vulnerability
NIST SP 800-160 Vol. 1 from CNSSI 4009 - Adapted

  Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
Source(s):
CNSSI 4009-2015 from NIST SP 800-30 Rev. 1
NIST SP 800-12 Rev. 1 under Vulnerability from NIST SP 800-30 Rev. 1
NIST SP 800-30 Rev. 1 under Vulnerability from CNSSI 4009
NIST SP 800-39 under Vulnerability from CNSSI 4009
NIST SP 1800-21B under Vulnerability from NIST SP 800-30 Rev. 1
NISTIR 8011 Vol. 4 from CNSSI 4009-2015

  Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Note: The term weakness is synonymous for deficiency. Weakness may result in security and/or privacy risks.
Source(s):
NIST SP 800-128 from CNSSI 4009-2015 - Adapted

  Weakness in an information system, or in system security procedures, internal controls, or implementation, that could be exploited or triggered by a threat source.
Source(s):
NIST SP 800-115 under Vulnerability

  a flaw or weakness that may allow harm to occur to an IT system or activity.
Source(s):
NIST SP 800-16 under Vulnerability

  A flaw or weakness in a computer system, its security procedures, internal controls, or design and implementation, which could be exploited to violate the system security policy.
Source(s):
NIST SP 800-28 Version 2 under Vulnerability

  A weakness in system security procedures, design, implementation, internal controls, etc., that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.
Source(s):
NIST SP 800-33 [Withdrawn]

  A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version numbers of software. Each vulnerability can potentially compromise the system or network if exploited.
Source(s):
NIST SP 800-44 Version 2 under Vulnerability
NIST SP 800-45 Version 2 under Vulnerability

  A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
Source(s):
NIST SP 800-47 under Vulnerability

  A weakness in a system, application, or network that is subject to exploitation or misuse.
Source(s):
NIST SP 800-61 Rev. 2 under Vulnerability

  A security weakness of a computer.
Source(s):
NIST SP 800-69 [Withdrawn] under Vulnerability

  Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Note: the term weakness is synonymous for defiency. Weakness may result in security and /or privacy risks.
Source(s):
NIST SP 800-37 Rev. 2

  A weakness in system security procedures, system design, implementation, internal controls, etc., that could be exploited to violate the system security policy.
Source(s):
NISTIR 4734 under Vulnerability

  a bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability
Source(s):
NISTIR 7435 under Vulnerability

  An error, flaw, or mistake in computer software that permits or causes an unintended behavior to occur. CVE is a common means of enumerating vulnerabilities.
Source(s):
NISTIR 7511 Rev. 4 under Vulnerability

  A weakness in system security procedures, hardware, design, implementation, internal controls, technical controls, physical controls, or other controls that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy.
Source(s):
NISTIR 7316 under Vulnerability

  A condition that enables a threat event to occur.
Source(s):
NISTIR 8286 under Vulnerability

  A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Source(s):
NISTIR 8323 under Vulnerability from NIST SP 800-30 Rev. 1

  A security weakness in a computer.
Source(s):
NIST SP 800-114 [Superseded] under Vulnerability

  A weakness in system security requirements, design, implementation, or operation, that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.
Source(s):
NIST SP 800-27 Rev. A [Withdrawn]