Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 4/16/2014

CVE Publication rate: 20.23

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 8.95
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

Validation Record 126

Security Content Automation Protocol (SCAP) 1.2 Product Validation Record
Vendor: Tripwire, Inc.
Product Name: Tripwire Enterprise
Product Major Version: 8
Product Version Tested: 8.3.2
Tested Platforms:
  • Microsoft Windows 7, 64 bit
  • Microsoft Windows 7, 32 bit
  • Microsoft Windows Vista, SP2
  • Microsoft Windows XP Pro, SP3
  • Red Hat Enterprise Linux 5 Desktop, 64 bit
  • Red Hat Enterprise Linux 5 Desktop, 32 bit
SCAP 1.2 Capabilities:
  • Authenticated Configuration Scanner
  • Common Vulnerabilities and Exposures (CVE) Option
  • Open Checklist Interactive Language (OCIL) Option
Vendor Provided SCAP Information
Dates tested: 4/1/2013 - 11/4/2013
Report Submission Date: 11/7/2013
DTR Version: NIST IR 7511 Revision 3
Validation Test Suite Version:
  • version 1- (December 2012 release)
  • version 1- (August 2013 release)
Previous Validation (SCAP and Product Version): SCAP 1.0 FDCC Scanner - Tripwire Version 8
NVLAP Lab: Leidos
NVLAP # 200427-0
Validation Number: 126
Validation Date: November 7, 2013
Comments: An exception was granted for SCAP.R.2000.5 because there isn't a clearly defined method for exporting the same OVAL variable with multiple values.
Exceptions were granted for validation tests that contained bugs which were subsequently fixed in version 1- of the validation test suite.