90 likes | 260 Views
Inteco and NIST Cooperation. Peter Mell National Vulnerability Database Project Lead Senior Computer Scientist NIST Computer Security Division Tim Grance Manager, Systems and Network Security Group NIST Computer Security Division July 20, 2006.
E N D
Inteco and NIST Cooperation Peter Mell National Vulnerability Database Project Lead Senior Computer Scientist NIST Computer Security Division Tim Grance Manager, Systems and Network Security Group NIST Computer Security Division July 20, 2006
National Institute of Standards and Technology NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. • 3,000 employees • 1,600 guest researchers
Cryptography / E-Auth Cryptographic Standards and Applications Cryptographic Standards Toolkit E-Authentication Security Testing Cryptographic Module Validation Program 800-53A Validation Guideline Security Management and Guidance Industry and Federal Security Standards Security Management Guidelines Agency Program Reviews Security Technologies Security Checklists Technical Security Guidelines Government Smart Card Program Mobile Device Security Forensics Access Control and Authorization Management National Vulnerability Database Protocols & Services Intrusion Detection Wireless NIST Computer Security Division
Overview of the National Vulnerability Database NVD is a comprehensive information technology vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides links to industry resources. • 18200 vulnerability summaries • 2.2 million hits per month • Adding 17 vulnerabilities each day
NVD Export Capability • RSS Feed • Enables systems administrators and security operations personnel to keep updated on the latest vulnerabilities • XML Feed • Enables importation of NVD vulnerability information into third party products • Gives away the entire database • No licensing restrictions
Concept of Operations List of all known vulnerabilities Vulnerability Analysis Vulnerability Translation No Cost License Free Vulnerability Data Feed Spanish English