You import the Common Vulnerability and Exposures (CVE) list and Common Vulnerability Scoring System (CVSS) standard through the SCAP Content view of the console. The CVE identifiers (ID) represent the software flaws that are defined by the CVE dictionary. The CVSS are used for the risk score calculation of the assets that are evaluated against the SCAP benchmarks or the OVAL definitions.
The SCAP benchmarks or the OVAL definitions that you import does not contain the CVSS base score attributes. You must download and import the CVE-CVSS list into CCS independently. You can download the CVE-CVSS list from the Web site, http://nvd.nist.gov/download.cfm#CVE_FEED.
The CVE IDs are displayed for the evaluation results of the SCAP or OVAL evaluation job results. The results are displayed in the Monitor > Evaluation Results view of the console.