Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

EVENTS

NIST Workshop on Hardware CPE and CVSS Updates

Name: NIST Workshop on Hardware CPE and CVSS Updates
Start: 2026-06-22T10:00:00-04:00
End: 2026-06-22T17:00:00-04:00
Location: NIST National Cybersecurity Center of Excellence (NCCoE) 9700 Great Seneca Highway, Rockville, MD 20850

Virtual Event

June 22, 2026
10:00am - 5:00pm EDT

NIST National Cybersecurity Center of Excellence (NCCoE)
9700 Great Seneca Highway, Rockville, MD 20850

In-Person Registration Fee: $96 (includes all-day beverage service, AM Snack, Lunch and PM Snack)
~~In-person registration will close on June 15, 2026 at 6:00pm~~

update 6/16 - The upcoming NIST Workshop is now virtual-only. We apologize for the change and hope to see you there!

Virtual Registration Fee: $46
Virtual registration will close on June 22, 2026 at 9:00am

technical contact

Dragos Prisaca, dragos.prisaca [at] nist.gov (dragos[dot]prisaca[at]nist[dot]gov)

Registration Contact

Sabina Mohan

[email protected]

(240) 309-1727

NIST is hosting a one-day workshop on hardware representation in the Common Platform Enumeration (CPE) and on how the Common Vulnerability Scoring System (CVSS) applies to hardware. The workshop will discuss NIST's plans and potential updates in these areas and gather community feedback from hardware vendors, vulnerability analysts, security-tool developers, National Vulnerability Database (NVD) users, and standards participants across government and industry.

Topics will include the current state of hardware coverage in NVD and CPE, plans and potential changes to CPE for hardware representation, CVSS considerations specific to hardware, and how the community can engage with this work going forward. The workshop is part of NIST's CHIPS Metrology and Computer Security Division (CSD) effort to improve how hardware products are identified and how their vulnerabilities are scored.

The event will be held at the NIST National Cybersecurity Center of Excellence (NCCoE) in Rockville, Maryland, with a virtual attendance option.

For more information about NVD CPE, please visit the NVD CPE page. For CPE development and access to the public comments forum, contact cpe-dev [at] list.nist.gov (cpe-dev[at]list[dot]nist[dot]gov).

If you have questions regarding the workshop, please contact cpe-workshop [at] nist.gov (cpe-workshop[at]nist[dot]gov).

Agenda

View/Download Agenda (PDF)

Time	Topic	Speaker(s) / notes
9:30 AM	Registration, coffee & snacks	–
10:00 – 10:20 AM	Welcome & opening remarks	Opening remarks and workshop framing
10:20 – 10:55 AM	Why CPE is being revised: goals, scope, hardware naming gaps, path to CPE 3.x	Presentation + Q&A
10:55 – 11:30 AM	Identifying and matching hardware: the CPE Dictionary and the matching algorithm	Presentation + Q&A
11:30 – 11:45 AM	Coffee, snacks, and informal discussion	–
11:45 AM – 12:20 PM	CPE 3.x design directions: data model, granularity, federation, and aliasing tradeoffs	Presentation + Q&A
12:20 – 1:00 PM	Facilitated morning discussion: naming, matching, and CPE 3.x direction	Facilitated discussion
1:00 – 2:00 PM	Lunch	–
2:00 – 2:45 PM	Panel: Identifying hardware in practice	Moderated panel
2:45 – 3:00 PM	Coffee, snacks, and informal discussion	–
3:00 – 3:45 PM	Severity Scoring and Hardware	Moderated panel
3:45 – 4:45 PM	CPE discussion: open community feedback	Facilitated community feedback
4:45 – 5:00 PM	Closing remarks, next steps	Closing remarks

Electronics, Semiconductors, Information technology, Conformance testing, Cybersecurity and privacy, Cybersecurity measurement, Risk management, Securing emerging technologies, Standards, Conformity assessment, Documentary standards, Frameworks and Reference data

Created May 20, 2026, Updated June 16, 2026