Making Security Measurable › CPE - Common Platform Enumeration

Federal Government uses CPE

1 message Options
Embed this post
Permalink
Peter M. Mell

Federal Government uses CPE

Reply Threaded More More options
Print post
Permalink
Some javascript/style in this post has been disabled (why?)

CPE participants,

 

NIST has identified CPE as a key technology in the U.S. Federal government’s efforts to automate and standardize vulnerability management, security measurement, and compliance reporting (e.g., FISMA). As a result, CPE has been included within the Security Content Automation Protocol (SCAP, see http://nvd.nist.gov/scap.cfm). It is also being incorporated within the new version of the National Vulnerability Database (NVD, http://nvd.nist.gov). The full NVD announcement is attached which provides more background.

 

Vendors adopting CPE may participate in this U.S. government effort by declaring their products compatible with SCAP and having information on their products publicly posted on http://nvd.nist.gov/tools.cfm. It is expected that Federal agencies (including the DOD) will take advantage of this “compatible tools” listing when acquiring vulnerability management products. Please contact [hidden email] to participate.

 

On a related note, September 19 and 20 NIST is hosting the 3rd Annual Security Automation Conference and Workshop where CPE and the five other SCAP standards will be discussed in detail. SCAP compatible vendors are welcome and encouraged to set up displays at no additional cost. See http://nvd.nist.gov/events.cfm for upcoming registration information.

 

Peter Mell

National Vulnerability Database Program Manager

NIST Computer Security Division

301-975-5572

[hidden email]

http://nvd.nist.gov

 



NVDv2.rtf (28K) Download Attachment
Free Embeddable Forum Powered by Nabble Help