Inclusion of Accurate CWE and CPE in CVE Notices, v1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to include accurate common weakness enumeration (CWE) and common platform enumeration (CPE) fields in every common vulnerability and exposure (CVE) record that it publishes about its products and services.
Assessment Step
1
Inclusion of Accurate CWE and CPE in CVE Notices (InclusionofAccurateCWEandCPEinCVENotices)
Does the organization include accurate common weakness enumeration (CWE) and common platform enumeration (CPE) fields in every common vulnerability and exposure (CVE) record that it publishes about its products and services?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (1)
Inclusion of Accurate CWE and CPE in CVE Notices
The organization must include accurate common weakness enumeration (CWE) and common platform enumeration (CPE) fields in every common vulnerability and exposure (CVE) record that it publishes about its products and services.
Citation
SBDP
(doc)