Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 12/29/2014 5:14:50 AM

CVE Publication rate: 17.47

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 7.1
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Checklist Program

Download Page for NIST SP 800-70 Rev. 2

NIST welcomes and greatly appreciates comments from readers. For SP 800-70 Rev. 2, NIST is especially interested in readers' comments about the following (comments can be sent to checklists@nist.gov:

  1. Are the operational environments plus the custom environments sufficiently broad to cover the vast majority of your operational environments? Are the threat statements and general policies sufficiently described? Is there any criterion you would add or remove?
  2. For potential developers of checklists, is the development criteria, i.e., NIST publications and other checklists, sufficient for building checklists that contain consistent levels of security? Is the criteria too broad and general, or is it too specific so as to potentially exclude certain types of products, or did NIST get it right? NIST has tried to strike a balance between criteria that is too restrictive versus criteria that is overly broad.
  3. Especially for vendors, is the description of the checklist program participation requirements straightforward and easy to understand? Are there special concerns that NIST has failed to address? Do you wish to participate in the program? Would you use the checklist program logo?
  4. For potential users, does the document adequately explain how to use checklists? Are the checklist description fields useful? Are there additional checklist description fields you would add?
  5. Are there subjects or issues that NIST did not address but you think should be included in this publication?

Download Packages

Update History

  • xx-Feb-2011 - Initial Draft Release of 800-70 Rev. 2
  • 19-Sep-2008 - Initial Draft Release of 800-70 Rev. 1
  • 26-May-2005 - Final Release of 800-70
  • 12-Aug-2004 - Initial Draft Release
  • 13-Aug-2004 - Corrected typos in Appendices C and D
  • 20-Aug-2004 - Corrected unknown reference typo

If you would like to be notified of updates to Special Publication 800-70 Rev. 2, send an e-mail message to checklists@nist.gov requesting to be on the notification list.