
vulnerability

Definition(s):

  Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Source(s):
FIPS 200 under VULNERABILITY from CNSSI 4009 - Adapted
NIST SP 1800-15B under Vulnerability from NIST SP 800-37 Rev. 2
NIST SP 1800-15C under Vulnerability from NIST SP 800-37 Rev. 2
NIST SP 1800-25B under Vulnerability from FIPS 200, CNSSI 4009-2015 - Adapted
NIST SP 1800-26B under Vulnerability from FIPS 200, CNSSI 4009-2015 - Adapted
NIST SP 1800-27B under Vulnerability from FIPS 200
NIST SP 800-128 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-137 under Vulnerability from CNSSI 4009
NIST SP 800-161r1 from NIST SP 800-53 Rev. 5
NIST SP 800-18 Rev. 1 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-53 Rev. 5 from NIST SP 800-30 Rev. 1
NIST SP 800-53A Rev. 5 from NIST SP 800-30 Rev. 1
NIST SP 800-60 Vol. 1 Rev. 1 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-60 Vol. 2 Rev. 1 under Vulnerability from CNSSI 4009 - Adapted
NIST SP 800-82 Rev. 2 under Vulnerability
NISTIR 7621 Rev. 1 under Vulnerability
NISTIR 7622 under Vulnerability from FIPS 200, NIST SP 800-115

  Weakness in a system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat.
Source(s):
NIST SP 1800-17b under Vulnerability
NIST SP 800-160 Vol. 1 from CNSSI 4009 - Adapted

  Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
Source(s):
CNSSI 4009-2015 from NIST SP 800-30 Rev. 1
NIST SP 1800-21B under Vulnerability from NIST SP 800-30 Rev. 1
NIST SP 800-12 Rev. 1 under Vulnerability from NIST SP 800-30 Rev. 1
NIST SP 800-30 Rev. 1 under Vulnerability from CNSSI 4009
NIST SP 800-39 under Vulnerability from CNSSI 4009
NISTIR 8011 Vol. 4 from CNSSI 4009-2015

  Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Note: The term weakness is synonymous for deficiency. Weakness may result in security and/or privacy risks.
Source(s):
NIST SP 800-128 from CNSSI 4009-2015 - Adapted

  Weakness in an information system, or in system security procedures, internal controls, or implementation, that could be exploited or triggered by a threat source.
Source(s):
NIST SP 800-115 under Vulnerability

  A flaw or weakness that may allow harm to occur to an IT system or activity.
Source(s):
NIST SP 800-16 under Vulnerability

  A flaw or weakness in a computer system, its security procedures, internal controls, or design and implementation, which could be exploited to violate the system security policy.
Source(s):
NIST SP 800-28 Version 2 under Vulnerability

  A security exposure in an operating system or other system software or application software component. A variety of organizations maintain publicly accessible databases of vulnerabilities based on the version numbers of software. Each vulnerability can potentially compromise the system or network if exploited.
Source(s):
NIST SP 800-44 Version 2 under Vulnerability
NIST SP 800-45 Version 2 under Vulnerability

  A weakness in a system, application, or network that is subject to exploitation or misuse.
Source(s):
NIST SP 800-61 Rev. 2 under Vulnerability

  Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Note: the term weakness is synonymous for deficiency. Weakness may result in security and/or privacy risks.
Source(s):
NIST SP 800-37 Rev. 2

  A weakness in system security procedures, system design, implementation, internal controls, etc., that could be exploited to violate the system security policy.
Source(s):
NISTIR 4734 under Vulnerability

  A bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability.
Source(s):
NISTIR 7435 under Vulnerability

  An error, flaw, or mistake in computer software that permits or causes an unintended behavior to occur. CVE is a common means of enumerating vulnerabilities.
Source(s):
NISTIR 7511 Rev. 4 under Vulnerability

  A weakness in system security procedures, hardware, design, implementation, internal controls, technical controls, physical controls, or other controls that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy.
Source(s):
NISTIR 7316 under Vulnerability

  A condition that enables a threat event to occur.
Source(s):
NISTIR 8286 under Vulnerability

  A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Source(s):
NISTIR 8323 under Vulnerability from NIST SP 800-30 Rev. 1