Inteco and NIST Cooperation

Peter Mell

National Vulnerability Database Project Lead

Senior Computer Scientist

NIST Computer Security Division

Tim Grance

Manager, Systems and Network Security Group

NIST Computer Security Division

July 20, 2006

National Institute of Standards and Technology

3,000 employees

1,600 guest researchers

NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.

NIST Computer Security Division

• Cryptography / E-Auth– Cryptographic Standards and

Applications

– Cryptographic Standards Toolkit

– E-Authentication

• Security Testing– Cryptographic Module

Validation Program

– 800-53A Validation Guideline

• Security Management and Guidance– Industry and Federal Security

Standards

– Security Management Guidelines

– Agency Program Reviews

• Security Technologies

– Security Checklists

– Technical Security Guidelines

– Government Smart Card Program

– Mobile Device Security

– Forensics

– Access Control and Authorization Management

– National Vulnerability Database

– Protocols & Services

– Intrusion Detection

– Wireless

Overview of the National Vulnerability Database

NVD is a comprehensive information technologyvulnerability database that integrates all publiclyavailable U.S. Government vulnerability resourcesand provides links to industry resources.

– 18200 vulnerability summaries– 2.2 million hits per month– Adding 17 vulnerabilities each day

NVD Export Capability

• RSS Feed– Enables systems administrators and security

operations personnel to keep updated on the latest vulnerabilities

• XML Feed– Enables importation of NVD vulnerability

information into third party products – Gives away the entire database– No licensing restrictions

List of all knownvulnerabilities

VulnerabilityAnalysis

No CostLicense FreeVulnerability

Data Feed

VulnerabilityTranslation

Concept of Operations

Spanish

English