You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to https://csrc.nist.gov.

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

An official website of the United States government

Here’s how you know

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Institute of Standards and Technology

CSRC MENU

Projects
Publications Expand or Collapse

Drafts for Public Comment

All Public Drafts

Final Pubs

FIPS (standards)

Special Publications (SPs)

IR (interagency/internal reports)

CSWP (cybersecurity white papers)

ITL Bulletins

Project Descriptions

Journal Articles

Conference Papers

Books
Topics Expand or Collapse

Security & Privacy

Applications

Technologies

Sectors

Laws & Regulations

Activities & Products
News & Updates
Events
Glossary
About CSRC Expand or Collapse
Computer Security Division
Applied Cybersecurity Division
Contact Us

Information Technology Laboratory

Computer Security Resource Center

CSRC Logo

October 1, 2025: Due to a lapse in federal funding, this website is not being updated. Learn more.

Topics Security and Privacy risk management vulnerabilities

vulnerability management

Share to Facebook Share to X Share to LinkedIn Share ia Email

Related Projects

Bugs Framework BF
[Redirect to: https://usnistgov.github.io/BF/] The Bugs Framework (BF) is a structured causal...

Cybersecurity Supply Chain Risk Management C-SCRM
Cybersecurity Supply Chain Risk Management (C-SCRM) involves identifying, assessing, and mitigating...

DevSecOps
[Redirect to https://www.nccoe.nist.gov/projects/software-supply-chain-and-devops-security-practices...

Incident Response
In April 2025, NIST finalized Special Publication (SP) 800-61 Revision 3, Incident Response...

National Checklist Program NCP
NIST maintains the National Checklist Repository, which is a publicly available resource that...

View All Projects

Related Events

NIST Secure Software Development Framework for Generative AI and for Dual Use Foundation Models Virtual Workshop
January 17, 2024
We look forward to welcoming you to NIST’s Virtual Workshop on Secure Development Practices for AI...

Cyber Supply Chain Risk Management (C-SCRM): Validating the Integrity of Server and Client Devices
September 10, 2019
On Tuesday, September 10, 2019, NIST’s National Cybersecurity Center of Excellence Supply Chain...

Security Content Automation Protocol Version 2 Introductory Teleconference
October 4, 2018
We are pleased to announce that a teleconference introducing the SCAP Version 2 effort has been...

View All Events

Related News

IoT Device Network Behavior: NIST IR 8349
August 28, 2025
NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Internal Report (NIST...

Incident Response Recommendations and Considerations: Draft SP 800-61r3
April 3, 2024
The initial public draft of Special Publication (SP) 800-61r3 (Revision 3), "Incident Response...

Federal Vulnerability Disclosure Guidelines: NIST SP 800-216
May 24, 2023
Internal and external reporting of security vulnerabilities in software and information systems...

NIST releases NIST IR 8409: Measuring the CVSS Base Score Equation
November 15, 2022
NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System...

Submit Comments on NIST SP 1800-34 Initial Public Draft
June 23, 2022
The National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft of...

View All News

Related Publications

Methodology for Characterizing Network Behavior of IoT Devices
IR 8349
August 2025
Final

Secure Software Development, Security, and Operations (DevSecOps) Practices
SP 1800-44 (Initial Public Draft)
July 2025
Draft

Measuring the Exploitation of Weaknesses in the Wild
Journal Article
June 26, 2024
Citation: May/June 2024
Final

Incident Response Recommendations and Considerations for Cybersecurity Risk Management
SP 800-61 Rev. 3 (Initial Public Draft)
April 3, 2024
Withdrawn

The NIST Cybersecurity Framework 2.0
CSWP 29 (Initial Public Draft)
August 8, 2023
Withdrawn

View All Publications

vulnerability management

Used For

Topics

Related Topics

vulnerability management

Related Projects

Related Events

Related News

Related Publications

Related Presentations

Used For

Topics

Related Topics