Tenable Implements NIST's National Vulnerability Database (NVD) CVSS Scores in Nessus to Help Drive NIST's CVSS Scores as a Standard.

NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. recognizes that Tenable's Nessus is widely used within the Federal Government

COLUMBIA, Md. -- Tenable ten·a·ble
adj.
1. Capable of being maintained in argument; rationally defensible: a tenable theory.

2. Network Security, Inc. a leading developer of security management solutions and creator of the popular and award-winning Nessus vulnerability scanner A vulnerability scanner is a computer program designed to search for and map systems for weaknesses in an application, computer or network. Step 1, typically the scanner will first look for active IP addresses, open ports, OSes and any applications running. today announced the implementation of the National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. (NIST) CVSS CVSS Common Vulnerability Scoring System
CVSS Currumbin Valley State School (Gold Coast, Australia) scores to help organizations improve discovery of vulnerabilities and prioritize remediation efforts. NIST recognizes that Tenable's Nessus Vulnerability Scanner is a widely used vulnerability discovery solution in the Federal Government. Tenable's implementation of NIST's CVSS scores will expedite uniform scoring across all US Federal Agencies.

"NIST has adopted the Common Vulnerable Scoring System (CVSS) for rating the impact of vulnerabilities published within the National Vulnerability Database An online search engine for the CVE vulnerabilities database. Users may select from any combination of vendor, product, vulnerability source, type or consequence to generate a list of documented vulnerabilities. (NVD See National Vulnerability Database. ). These scores are essential to enabling prioritization of vulnerability remediation. They are also a necessary component to NIST's efforts to automate FISMA FISMA Federal Information Security Management Act of 2002
FISMA Federal Information System Management Act technical control compliance. NIST is delighted that security companies such as Tenable are including National Vulnerability Database (NVD) Common Vulnerable Scoring System (CVSS) scores within their products. This will foster incorporation of U.S. government vulnerability impact scores within the Federal government and security community. NVD CVSS scores are essential to NIST's larger efforts to enable commercial tools to automate FISMA technical control compliance and to perform security measurement. Tenable's move in this direction will better enable them to support our efforts in this area," said Peter Mell, NIST Senior Computer Scientist and National Vulnerability Database Program Manager.

"Tenable's Security Center, Passive Vulnerability Scanner and Nessus Vulnerability Scanner all currently provide support for NIST's CVSS scores, and our research team is actively engaged with NIST on scoring for new vulnerabilities. We believe that our federal customers will greatly benefit from one universal severity rating for security vulnerabilities," says Ron Gula, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Tenable.

About NIST

Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. For more information, please visit NIST: http://www.nist.gov.

About Tenable Network Security

Tenable Network Security is a leading provider of network security software solutions for vulnerability, security event, and compliance management. Tenable's award-winning products are utilized by many Global 2000 organizations and Government agencies to discover, unify and manage known vulnerabilities and log data to proactively minimize network risk. For more information, please visit http://www.tenablesecurity.com.

COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Date:	Nov 15, 2006
Words:	410
Previous Article:	One Voice Demonstrates Voice Control for Windows Vista at EHX Fall 2006.
Next Article:	Information Resources, Inc. Announces Two Global Executive Appointments.
Topics:	Computer software industry Databases Standards Software industry

Related Articles
COOL SITE YIELDS HOT DATA ON HEAT TRANSMISSION.(Brief Article)(Statistical Data Included)
NIST DATA FACILITATE MATERIALS DEVELOPMENT FOR NEXT GENERATION IC CHIP.
NEW TOOL FOR IDENTIFYING VULNERABILITIES UP AND RUNNING.(Brief Article)
Foreword.
NIST announces approval of Advanced Encryption Standard. (News Briefs).(National Institute of Standards and Technology)(Brief Article)
A shot in the light: precise bullet replicas take aim at crime-fighting standards.(creation of the National Integrated Ballistic Information Network...
NIST publishes computer security guidelines. (General Development).(Brief Article)
NIST releases natural ventilation design and analysis tool.(General Developments)(Brief Article)
NIST participates in demonstration of first responder technologies to firefighters.(News Briefs)
NIST publishes new information security guidelines.(News Briefs)