U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

vulnerability analysis

Abbreviation(s) and Synonym(s):

vulnerability assessment
Vulnerability Assessment

Definition(s):

  Formal description and evaluation of the vulnerabilities in an information system.
Source(s):
NIST SP 800-137 under Vulnerability Assessment from CNSSI 4009
NIST SP 800-18 Rev. 1 under Vulnerability Assessment from CNSSI 4009
NIST SP 800-37 Rev. 1 [Superseded] under Vulnerability Assessment from CNSSI 4009

  Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
Source(s):
NIST SP 800-160 Vol. 1 under vulnerability assessment from CNSSI 4009
NIST SP 800-161 under Vulnerability Assessment from NIST SP 800-53A Rev. 4, CNSSI 4009
NIST SP 800-30 Rev. 1 under Vulnerability Assessment from CNSSI 4009
NIST SP 800-37 Rev. 2 under vulnerability assessment
NIST SP 800-39 under Vulnerability Assessment from CNSSI 4009
NIST SP 800-53 Rev. 5 under vulnerability assessment from CNSSI 4009-2015
NIST SP 800-53A Rev. 5 under vulnerability assessment from CNSSI 4009-2015
NISTIR 7622 under Vulnerability Assessment from CNSSI 4009, NIST SP 800-53A
CNSSI 4009-2015 [Superseded] under vulnerability assessment
NIST SP 800-53 Rev. 4 [Superseded] under Vulnerability Assessment from CNSSI 4009

  See vulnerability assessment.
Source(s):
NIST SP 800-53 Rev. 5
NIST SP 800-53A Rev. 5
CNSSI 4009-2015 [Superseded] from NISTIR 7298 Rev. 2
NIST SP 800-53 Rev. 4 [Superseded] under Vulnerability Analysis

  Systematic examination of an information system or product to determine the adequacy of security and privacy measures, identify security and privacy deficiencies, provide data from which to predict the effectiveness of proposed security and privacy measures, and confirm the adequacy of such measures after implementation.
Source(s):
NIST SP 800-53A Rev. 4 [Superseded] under Vulnerability Assessment from CNSSI 4009 - Adapted