U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Measurements for Information Security


These are tools and utilities to assess the level of security risks and provide a mechanism to enhance automation for the cybersecurity information exchange.


Baldrige Cybersecurity Excellence Builder (BCEB)

A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance.


Common Vulnerability Scoring System (CVSS)

An open framework for communicating the characteristics and severity of software vulnerabilities. CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores.


Security Content Automation Protocol (SCAP) 

The Security Content Automation Protocol is a synthesis of interoperable specifications derived from community ideas. This site contains information about both existing SCAP specifications and emerging specifications relevant to NIST's security automation agenda.


Created July 01, 2020, Updated July 14, 2023