Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-51 Rev. 1

Guide to Using Vulnerability Naming Schemes

Date Published: February 2011

Supersedes: SP 800-51 (09/01/2002)


David Waltermire (NIST), Karen Scarfone (G2)



CCE; Common Configuration Enumeration; Common Vulnerabilities and Exposures; CVE; SCAP; security automation; security configuration; Security Content Automation Protocol; vulnerabilities; vulnerability naming
Control Families

Audit and Accountability; Configuration Management; Incident Response; Risk Assessment; System and Services Acquisition


Download URL

Supplemental Material:
Press Release

Document History:
02/25/11: SP 800-51 Rev. 1 (Final)


Security and Privacy

security automation, vulnerability management