The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems

Source: NIST, August 2007


NIST IR 7435 is published as final. CVSS provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. This publication defines and describes the CVSS standard, provides advice on performing scoring, and discusses how Federal agencies can incorporate Federal Information Processing Standards (FIPS) 199 impact ratings into their CVSS scores to generate scores that are specifically tailored to particular Federal agency environments.


For complete article see:
http://csrc.nist.gov/publications/nistir/ir7435/NISTIR-7435.pdf