About usage of CVSS in CCS
CVSS v2 (Common Vulnerability Scoring System) is a standard defined by the Forum of Incident Response and Security Teams (FIRST). FIRST, whose Web site is http://www.first.org/cvss, defines methods for scoring and rating computer vulnerabilities. The National Vulnerability Database (NVD) defines and publishes the CVSS base scores and vector strings for most known vulnerabilities.
NVD publishes vulnerability summaries that provide detailed information, including the CVSS base score and vector strings. You can access these vulnerability summaries by using the CVE (Common Vulnerabilities and Exposures) identifier (ID) of a given vulnerability.
CCS lets you import the CVE 2.0 and store the CVSS base scores and vector string data in the database. Links to the NVD vulnerability summaries through the CVE IDs are displayed for the SCAP evaluation result details.
CCS uses the CVE-CVSS standard in the following manner:
See SCAP Content
See About risk and compliance score calculation for SCAP assets