U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-51 Rev. 1

Guide to Using Vulnerability Naming Schemes

Date Published: February 2011

Supersedes: SP 800-51 (09/01/2002)


David Waltermire (NIST), Karen Scarfone (G2)



CCE; Common Configuration Enumeration; Common Vulnerabilities and Exposures; CVE; SCAP; security automation; security configuration; Security Content Automation Protocol; vulnerabilities; vulnerability naming
Control Families

Audit and Accountability; Configuration Management; Incident Response; Risk Assessment; System and Services Acquisition


SP 800-51 Rev. 1 (DOI)
Local Download

Supplemental Material:
Press Release (other)

Document History:
02/25/11: SP 800-51 Rev. 1 (Final)


Security and Privacy
security automation; vulnerability management