Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
The Common Vulnerabilities and Exposures (CVE) vulnerability naming scheme is a dictionary of common names for publicly known IT system vulnerabilities. It is an emerging industry standard that has achieved wide acceptance by the security industry and a number of government organizations. Technical vulnerability experts from 31 industry, academia, and government organizations vote on the common names. This document provides guidelines for federal organizations' acquisition and use of security-related information technology (IT) products and services. NIST's advice is provided in the context of larger recommendations regarding security assurance (see NIST Special Publication 800-23, http://csrc.nist.gov). This document has been developed by NIST in furtherance of its statutory responsibilities (under the Computer Security Act of 1987 and the Information Technology Management Reform Act of 1996, specifically 15 U.S.C. 278 g-3 (a) (5)). This is not a guideline within the meaning of (15 U.S.C. 278 g-3 (a) (3)). These guidelines are for use by federal organizations which process sensitive information. They are consistent with the requirements of Office of Management and Budget (OMB) Circular A-130, Appendix III.
NIST Special Publication 800-51