Tools

These are tools and utilities to assess the level of security risks and provide a mechanism to enhance automation for the cybersecurity information exchange.

Baldrige Cybersecurity Excellence Builder (BCEB)

A self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance.

Common Vulnerability Scoring System (CVSS)

An open framework for communicating the characteristics and severity of software vulnerabilities. CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores.

Security Content Automation Protocol (SCAP) 

The Security Content Automation Protocol is a synthesis of interoperable specifications derived from community ideas. This site contains information about both existing SCAP specifications and emerging specifications relevant to NIST's security automation agenda.