CVMAP for CVE Numbering Authorities (CNAs) and Authorized Data Publishers: NISTIR 8246
December 15, 2020

[Intended audience: CNAs (CVE Numbering Authorities), Authorized Data Publishers]

NIST announces the publication of NISTIR 8246, Collaborative Vulnerability Metadata Acceptance Process (CVMAP) for CVE Numbering Authorities (CNAs) and Authorized Data Publishers.

The number of Common Vulnerabilities and Exposures identifiers (CVE IDs) created year over year has rapidly increased, and this trend is expected to continue indefinitely. Currently, a National Vulnerability Database (NVD) analyst manually reviews each CVE and attaches multiple forms of CVE metadata used by downstream consumers to prioritize and assist automated vulnerability scanning tools. This is a manually intensive process, and in many cases, this metadata is provided by the source, or CNA (CVE Numbering Authority), of the CVE with no policies or procedures in place to validate and accept the information.

This NISTIR leverages the technical knowledge provided by the CNAs and the application of consistent CVE metadata provided by NVD analysts through the formalization of a CVE entry metadata submission process. This allows for more efficient integration of the CNAs’ efforts into the NVD analyst workflow, which directly benefits downstream users and improves the security of our national IT infrastructure.
Created December 15, 2020