Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Source(s):
FIPS 200
under VULNERABILITY
from
CNSSI 4009 - Adapted
NIST SP 800-128
under Vulnerability
from
CNSSI 4009 - Adapted
NIST SP 800-137
under Vulnerability
from
CNSSI 4009
NIST SP 800-161
under Vulnerability
from
NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, FIPS 200
NIST SP 800-18 Rev. 1
under Vulnerability
from
CNSSI 4009 - Adapted
NIST SP 800-53A Rev. 4
under Vulnerability
from
CNSSI 4009
NIST SP 800-60 Vol. 1 Rev. 1
under Vulnerability
from
CNSSI 4009 - Adapted
NIST SP 800-60 Vol. 2 Rev. 1
under Vulnerability
from
CNSSI 4009 - Adapted
NIST SP 800-82 Rev. 2
under Vulnerability
from
NIST SP 800-53
NIST SP 1800-25B
under Vulnerability
from
FIPS 200, CNSSI 4009-2015 - Adapted
NIST SP 1800-26B
under Vulnerability
from
FIPS 200, CNSSI 4009-2015 - Adapted
NIST SP 1800-27B
under Vulnerability
from
FIPS 200
NIST SP 1800-15B
under Vulnerability
from
NIST SP 800-37 Rev. 2
NIST SP 1800-15C
under Vulnerability
from
NIST SP 800-37 Rev. 2
NIST SP 800-53 Rev. 5
from
NIST SP 800-30 Rev. 1
NISTIR 7621 Rev. 1
under Vulnerability
from
NIST SP 800-53 Rev. 4
NISTIR 7622
under Vulnerability
from
FIPS 200, NIST SP 800-115, NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-60
NIST SP 800-37 Rev. 1
[Superseded]
under Vulnerability
from
CNSSI 4009
NIST SP 800-53 Rev. 4
[Superseded]
under Vulnerability
from
CNSSI 4009
Weakness in a system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat.
Source(s):
NIST SP 1800-17b
under Vulnerability
NIST SP 800-160 Vol. 1
from
CNSSI 4009 - Adapted
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
Source(s):
CNSSI 4009-2015
from
NIST SP 800-30 Rev. 1
NIST SP 800-12 Rev. 1
under Vulnerability
from
NIST SP 800-30 Rev. 1
NIST SP 800-30 Rev. 1
under Vulnerability
from
CNSSI 4009
NIST SP 800-39
under Vulnerability
from
CNSSI 4009
NIST SP 1800-21B
under Vulnerability
from
NIST SP 800-30 Rev. 1
NISTIR 8011 Vol. 4
from
CNSSI 4009-2015
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Note: The term weakness is synonymous for deficiency. Weakness may result in security and/or privacy risks.
Source(s):
NIST SP 800-128
from
CNSSI 4009-2015 - Adapted
Weakness in an information system, or in system security procedures, internal controls, or implementation, that could be exploited or triggered by a threat source.
Source(s):
NIST SP 800-115
under Vulnerability
a flaw or weakness that may allow harm to occur to an IT system or activity.
Source(s):
NIST SP 800-16
under Vulnerability
A flaw or weakness in a computer system, its security procedures, internal controls, or design and implementation, which could be exploited to violate the system security policy.
Source(s):
NIST SP 800-28 Version 2
under Vulnerability
A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version numbers of software. Each vulnerability can potentially compromise the system or network if exploited.
Source(s):
NIST SP 800-44 Version 2
under Vulnerability
NIST SP 800-45 Version 2
under Vulnerability
A weakness in a system, application, or network that is subject to exploitation or misuse.
Source(s):
NIST SP 800-61 Rev. 2
under Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Note: the term weakness is synonymous for defiency. Weakness may result in security and /or privacy risks.
Source(s):
NIST SP 800-37 Rev. 2
A weakness in system security procedures, system design, implementation, internal controls, etc., that could be exploited to violate the system security policy.
Source(s):
NISTIR 4734
under Vulnerability
a bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability
Source(s):
NISTIR 7435
under Vulnerability
An error, flaw, or mistake in computer software that permits or causes an unintended behavior to occur. CVE is a common means of enumerating vulnerabilities.
Source(s):
NISTIR 7511 Rev. 4
under Vulnerability
A weakness in system security procedures, hardware, design, implementation, internal controls, technical controls, physical controls, or other controls that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy.
Source(s):
NISTIR 7316
under Vulnerability
A condition that enables a threat event to occur.
Source(s):
NISTIR 8286
under Vulnerability
A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Source(s):
NISTIR 8323
under Vulnerability
from
NIST SP 800-30 Rev. 1
A security weakness in a computer.
Source(s):
NIST SP 800-114
[Superseded]
under Vulnerability
A weakness in system security requirements, design, implementation, or operation, that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.
Source(s):
NIST SP 800-27 Rev. A
[Withdrawn]
A weakness in system security procedures, design, implementation, internal controls, etc., that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.
Source(s):
NIST SP 800-33
[Withdrawn]
A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
Source(s):
NIST SP 800-47
[Superseded]
under Vulnerability
A security weakness of a computer.
Source(s):
NIST SP 800-69
[Withdrawn]
under Vulnerability