Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 7864

The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities

Date Published: July 2012

Planning Note (07/10/2012):

NISTIR 7864 was originally posted for public comment as Draft NISTIR 7517 (February 2009).


Elizabeth LeMay (University of Illinois at Urbana-Champaign), Karen Scarfone (Scarfone Cybersecurity), Peter Mell (NIST)



security measurement; trust misuse; vulnerability measurement; vulnerability scoring
Control Families

Configuration Management; Risk Assessment


Download URL

Supplemental Material:
Press Release

Document History:
07/10/12: IR 7864 (Final)


Security and Privacy

general security & privacy, risk assessment