U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by:

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 26 - 46 of 46

Common Platform Enumeration: Applicability Language Specification Version 2.3

August 19, 2011
Author(s)
David A. Waltermire, Paul R. Cichonski, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Applicability Language version 2.3 specification. The CPE Applicability Language specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product

Common Platform Enumeration: Dictionary Specification Version 2.3

August 19, 2011
Author(s)
Paul R. Cichonski, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Dictionary version 2.3 specification. The CPE Dictionary Specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming

Common Platform Enumeration: Name Matching Specification Version 2.3

August 19, 2011
Author(s)
Mary Parmelee, Harold Booth, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Name Matching version 2.3 specification. The CPE Name Matching specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and

Common Platform Enumeration: Naming Specification Version 2.3

August 19, 2011
Author(s)
Brant Cheikes, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Naming version 2.3 specification. The CPE Naming specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE

Specification for the Asset Reporting Format 1.1

June 21, 2011
Author(s)
David A. Waltermire, Adam Halbardier, Mark Johnson
This specification describes the Asset Reporting Format (ARF), a data model for expressing the transport format of information about assets and the relationships between assets and reports. The standardized data model facilitates the reporting, correlating

Specification for Asset Identification 1.1

June 17, 2011
Author(s)
David A. Waltermire, John Wunder, Adam Halbardier
Asset identification plays an important role in an organization‟s ability to quickly correlate different sets of information about assets. This specification provides the necessary constructs to uniquely identify assets based on known identifiers and/or

Specification for the Open Checklist Interactive Language (OCIL) Version 2.0

April 7, 2011
Author(s)
David A. Waltermire, Karen Scarfone, Maria Casipe
This report defines version 2.0 of the Open Checklist Interactive Language (OCIL). The intent of OCIL is to provide a standardized basis for expressing questionnaires and related information, such as answers to questions and final questionnaire results, so

Guide to Using Vulnerability Naming Schemes

February 25, 2011
Author(s)
David A. Waltermire, Karen Scarfone
This publication provides recommendations for using two vulnerability naming schemes: Common Vulnerabilities and Exposures (CVE) and Common Configuration Enumeration (CCE). Draft SP 800-51 Revision 1 gives an introduction to both naming schemes and makes