Waltermire, D.
and Scarfone, K.
(2011),
Guide to Using Vulnerability Naming Schemes, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=907934
(Accessed October 9, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Guide to Using Vulnerability Naming Schemes
Published
Author(s)
, Karen Scarfone
Abstract
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). Draft SP 800-51 Revision 1 gives an introduction to both naming schemes and makes recommendations for end-user organizations on using their names. The publication also presents recommendations for software and service vendors on how they should use vulnerability names and naming schemes in their product and service offerings. [Supersedes SP 800-51 (September 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151265]Citation
Special Publication (NIST SP) - 800-51 Rev 1
Report Number
800-51 Rev 1
NIST Pub Series
Pub Type
NIST Pubs
Supercedes Publication
Download Paper
Keywords
CCE, Common Configuration Enumeration, Common Vulnerabilities and Exposures, CVE, SCAP, security automation, security configuration, Security Content Automation Protocol, vulnerabilities, vulnerability naming
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created February 25, 2011, Updated May 4, 2021