Inteco and NIST Cooperation
Peter Mell
National Vulnerability Database Project Lead
Senior Computer Scientist
NIST Computer Security Division
Tim Grance
Manager, Systems and Network Security Group
NIST Computer Security Division
July 20, 2006
National Institute of Standards and Technology
3,000 employees
1,600 guest researchers
NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.
NIST Computer Security Division
• Cryptography / E-Auth– Cryptographic Standards and
Applications
– Cryptographic Standards Toolkit
– E-Authentication
• Security Testing– Cryptographic Module
Validation Program
– 800-53A Validation Guideline
• Security Management and Guidance– Industry and Federal Security
Standards
– Security Management Guidelines
– Agency Program Reviews
• Security Technologies
– Security Checklists
– Technical Security Guidelines
– Government Smart Card Program
– Mobile Device Security
– Forensics
– Access Control and Authorization Management
– National Vulnerability Database
– Protocols & Services
– Intrusion Detection
– Wireless
Overview of the National Vulnerability Database
NVD is a comprehensive information technologyvulnerability database that integrates all publiclyavailable U.S. Government vulnerability resourcesand provides links to industry resources.
– 18200 vulnerability summaries– 2.2 million hits per month– Adding 17 vulnerabilities each day
NVD Export Capability
• RSS Feed– Enables systems administrators and security
operations personnel to keep updated on the latest vulnerabilities
• XML Feed– Enables importation of NVD vulnerability
information into third party products – Gives away the entire database– No licensing restrictions
List of all knownvulnerabilities
VulnerabilityAnalysis
No CostLicense FreeVulnerability
Data Feed
VulnerabilityTranslation
Concept of Operations
Spanish
English
Top Related