About usage of CVSS in CCS

HOWTO76533

Last Updated May 08, 2012

About usage of CVSS in CCS

CVSS v2 (Common Vulnerability Scoring System) is a standard that is defined by the Forum of Incident Response and Security Teams (FIRST). FIRST, whose Web site is http://www.first.org/cvss, defines methods for scoring and rating the computer vulnerabilities. The National Vulnerability Database (NVD) defines and publishes the CVSS base scores and vector strings for the most known vulnerabilities.

NVD publishes the vulnerability summaries that provide detailed information, which includes the CVSS base score and vector strings. These vulnerability summaries can be accessed using the CVE (Common Vulnerabilities and Exposures) identifier (ID) for a given vulnerability.

CCS lets you import the CVE 2.0 and store the CVSS base scores and vector string data in the database. Links to the NVD vulnerability summaries through the CVE IDs are displayed for the SCAP evaluation result details.

CCS uses the CVE-CVSS standard in the following manner:

Imports the CVE list independent of the SCAP data stream.
See Importing CVE-CVSS list into CCS.
Displays the evaluation results in the Evaluation Results view of the console.
See Viewing the SCAP benchmarks evaluation results.
Exports the evaluation results.
See Exporting the SCAP content evaluation results.

See SCAP Content

See About risk and compliance score calculation for SCAP assets

Imported Document ID: HOWTO76533

Legacy ID: v66115622_v74603629

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

About usage of CVSS in CCS

Description